Solaris CIFS Administration Guide

Procedure: How to Add a Directory-Based Name Mapping to a Group Object

This procedure shows how to perform the following directory-based name mapping:

  1. Become superuser, assume an equivalent role, obtain the solaris.admin.idmap.rules RBAC authorization, or use the “Idmap Service Management” RBAC profile.

    Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services. To configure a role with the Primary Administrator profile, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration.

  2. Determine whether to augment a group object in AD or in the native LDAP service.

    • To augment the Windows group object in AD, type:

      # idmap set-namemap wingroup:group-name@domain-name unixgroup:group-name

      For example, the following command maps Windows group salesgrp@example.com to Solaris group sales by adding the Solaris name to the AD object for salesgrp@example.com:

      # idmap set-namemap wingroup:salesgrp@example.com unixgroup:sales

    • To augment the Solaris group object in native LDAP, type:

      # idmap set-namemap unixgroup:group-name wingroup:group-name@domain-name

      For example, the following command maps Solaris group sales to Windows group salesgrp@example.com by adding the Windows name to the native LDAP object for sales:

      # idmap set-namemap unixgroup:sales wingroup:salesgrp@example.com