The NFSv4 idmap approach allows a great deal of flexibility in terms of how users and accounts are mapped between the NFS server and the local system -- but with this comes significant configuration complexity. If trying to build a turnkey solution that works with any site-local NFS server, this can be particularly unfortunate.
Is there a reasonable mechanism for a Linux NFSv4 client to available to mount an NFS server with a different user account mapped to the anonymous user for different subtrees, or to have different mounts off the same server with different idmaps assigned?
That is to say:
/mnt/server-a/foo ## in this subtree, unknown owners are mapped to the local account "foo"
/mnt/server-a/bar ## in this subtree, unknown owners are mapped to the local account "bar"
I'm even considering approaches such as loopback fuse-based servers -- though the performance impact would make this quite unfortunate.