This section describes how to show mapping information. The idmap list command to view all of the rule-based identity mappings that you created for users and groups. You can also find particular mappings for users and groups.
To list all of the mappings:
$ idmap list add winuser:john@example.com unixuser:johnm add wingroup:members unixgroup:staff
To list only the user mappings:
$ idmap list | grep user add winuser:john@example.com unixuser:johnm
To list only the group mappings:
$ idmap list | grep group add wingroup:members unixgroup:staff
Use the idmap show command to view the particular name or ID for a name or ID that you specify.
To show the equivalent identity for a particular name or ID:
$ idmap show [-c] [-v] identity [target-type]
By default, the idmap show command only shows mappings that have already been established.
For example, to view the SID that is mapped to UID 2147926017, you would type:
$ idmap show uid:2147926017 sid uid:2147926017 -> sid:S-1-5-21-721821396-1083305290-3049112724-500
To view the Oracle Solaris user name for the Windows user name administrator@example.com, you would type:
$ idmap show administrator@example.com winuser:administrator@example.com -> uid:2147926017
If you specify the –c option, idmap show forces the evaluation of rule-based mapping configurations or the dynamic allocation of IDs. This command also shows mapping information when an error occurs to help diagnose mapping problems.
The –v option includes additional information about how the identity mapping was generated, which can help with troubleshooting. The following example shows that the mapping is ephemeral and was retrieved from the cache:
# idmap show -v sid:S-1-5-21-2949573101-2750415176-3223191819-884217 sid:S-1-5-21-2949573101-2750415176-3223191819-884217 -> uid:2175201213 Source: Cache Method: Ephemeral
For name-based mappings, the idmap show -v command shows either the mapping rule or the directory distinguished name with the attribute and value that created the mapping.
Use the idmap dump command to view all of the SID-to-UID and SID-to-GID mappings that are stored in the cache.
By default, the idmap dump command lists only the mappings themselves. The –v option includes additional information about how the identity mapping was generated, which can help with troubleshooting. The –n option shows names instead of IDs.
$ idmap dump -n winuser:mary@a.john.example.com <= uid:2147909633 winuser:u2@a.john.example.com <= uid:2147909634 wingroup:Group Policy Creator Owners@a.john.example.com == gid:2147917831 wingroup:Domain Admins@a.john.example.com == gid:2147917832 wingroup:Enterprise Admins@a.john.example.com == gid:2147917833 wingroup:Schema Admins@a.john.example.com == gid:2147917834 wingroup:Netmon Users@a.john.example.com == gid:2147917836 wingroup:Administrators@BUILTIN == gid:2147917837 usid:S-1-5-21-156362980-169493972-3399456007-500 == uid:2147917825 usid:S-1-5-21-156362980-169493972-3399456007-520 == gid:2147917826 usid:S-1-5-21-156362980-169493972-3399456007-512 == gid:2147917827 usid:S-1-5-21-156362980-169493972-3399456007-519 == gid:2147917828 usid:S-1-5-21-156362980-169493972-3399456007-518 == gid:2147917829 wingroup:Network == gid:2147557379 wingroup:Authenticated Users == gid:2147917830 winuser:administrator@solar == uid:2147926017 winuser:Administrator@a.john.example.com == uid:2147557377 usid:S-1-5-21-156362980-169493972-3399456007-513 == gid:2147557378
To list only the user mappings:
$ idmap dump -n | grep uid winuser:mary@a.john.example.com <= uid:2147909633 winuser:u2@a.john.example.com <= uid:2147909634 usid:S-1-5-21-156362980-169493972-3399456007-500 == uid:2147917825 winuser:administrator@solar == uid:2147926017 winuser:Administrator@a.john.example.com == uid:2147557377
To list only the group mappings:
$ idmap dump -n | grep gid wingroup:Group Policy Creator Owners@a.john.example.com == gid:2147917831 wingroup:Domain Admins@a.john.example.com == gid:2147917832 wingroup:Enterprise Admins@a.john.example.com == gid:2147917833 wingroup:Schema Admins@a.john.example.com == gid:2147917834 wingroup:Netmon Users@a.john.example.com == gid:2147917836 wingroup:Administrators@BUILTIN == gid:2147917837 usid:S-1-5-21-156362980-169493972-3399456007-520 == gid:2147917826 usid:S-1-5-21-156362980-169493972-3399456007-512 == gid:2147917827 usid:S-1-5-21-156362980-169493972-3399456007-519 == gid:2147917828 usid:S-1-5-21-156362980-169493972-3399456007-518 == gid:2147917829 wingroup:Network == gid:2147557379 wingroup:Authenticated Users == gid:2147917830 usid:S-1-5-21-156362980-169493972-3399456007-513 == gid:2147557378