This procedure shows how to perform the following directory-based name mapping:
Map a Windows user to a Solaris user by adding the Solaris user name to the AD object for the specified Windows user.
Map a Solaris user to a Windows user by adding the Windows user name to the native LDAP object for the specified Solaris user.
For more information about the idmap set-namemap command and its options, see the idmap(1M) man page.
Become superuser, assume an equivalent role, obtain the solaris.admin.idmap.rules RBAC authorization, or use the “Idmap Service Management” RBAC profile.
Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services. To configure a role with the Primary Administrator profile, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration.
Determine whether to augment a user object in AD or in the native LDAP service.
To augment the Windows user object in AD, type:
# idmap set-namemap winuser:username@domain-name unixuser:username
For example, the following command maps Windows user danab@example.com to Solaris user dana by adding the Solaris name to the AD object for danab@example.com:
# idmap set-namemap winuser:danab@example.com unixuser:dana
To augment the Solaris user object in native LDAP, type:
# idmap set-namemap unixuser:username winuser:username@domain-name
For example, the following command maps Solaris user dana to Windows user danab@example.com by adding the Windows name to the native LDAP object for dana:
# idmap set-namemap unixuser:dana winuser:danab@example.com
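As an added example that is not part of this Solaris procedure, the following POSIX shell functions check the name formats and put the arguments in the order that matches the chosen directory (AD object or native LDAP object) before calling idmap set-namemap, then read the mapping back with idmap get-namemap. The helper names namemap_args and set_namemap are hypothetical, and get-namemap is assumed to be available as described in idmap(1M).

```shell
#!/bin/sh
# Added example, not from the Solaris documentation. Argument order decides which
# directory object is augmented, so validate the names and the direction first.

# namemap_args DIRECTION WINUSER UNIXUSER
#   DIRECTION "ad"   -> augment the AD object      (winuser argument first)
#   DIRECTION "ldap" -> augment the native LDAP object (unixuser argument first)
# Prints the two idmap set-namemap arguments in the right order, or returns 1.
namemap_args() {
  direction=$1; winuser=$2; unixuser=$3
  # A Windows name must carry its domain (user@domain-name).
  case $winuser in
    ?*@?*) ;;
    *) echo "winuser must be user@domain-name: '$winuser'" >&2; return 1 ;;
  esac
  # A Solaris name is a bare user name: no '@' and no 'unixuser:' style prefix.
  case $unixuser in
    ''|*@*|*:*) echo "unixuser must be a bare Solaris user name: '$unixuser'" >&2; return 1 ;;
  esac
  case $direction in
    ad)   echo "winuser:$winuser unixuser:$unixuser" ;;
    ldap) echo "unixuser:$unixuser winuser:$winuser" ;;
    *)    echo "direction must be 'ad' or 'ldap': '$direction'" >&2; return 1 ;;
  esac
}

# set_namemap DIRECTION WINUSER UNIXUSER
# Runs idmap set-namemap with validated arguments (needs the
# solaris.admin.idmap.rules authorization) and confirms the stored mapping
# by querying the object that was just augmented.
set_namemap() {
  args=$(namemap_args "$@") || return 1
  # Word-splitting of $args into the two idmap arguments is intended.
  idmap set-namemap $args || return 1
  set -- $args
  idmap get-namemap "$1"
}
```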