How to Import User Mappings From a Rule-Mapping File (Solaris CIFS Administration Guide)

Solaris CIFS Administration Guide

How to Import User Mappings From a Rule-Mapping File

The idmap import command enables you to import a set of rule-based user mappings that are stored in a file.

The idmap supports these file formats:

The NetApp usermap.cfg rule-mapping format is as follows:
windows-username [direction] unix-username
windows-username is a Windows user name in either the domain-name\username or username@domain-name format.

unix-username is a Solaris user name.

direction is one of the following:
- == means a bidirectional mapping, which is the default.
- => or <= means a unidirectional mapping.
The IP qualifier is not supported.
The Samba smbusers rule-mapping format is as follows:
unixname = winname1 winname2 ...
The mappings are imported as unidirectional mappings from one or more Windows names to a Solaris name.

The format is based on the “username map” entry of the smb.conf man page, which is available on the samba.org web site. The use of an asterisk (*) for winname is supported. However, the @group directive and the chaining of mappings are not supported.

By default, if no mapping entries are in the smbusers file, Samba maps a winname to the equivalent unixname, if any. The following idmap command shows this mapping:
idmap add -d winuser:"*@*" unixuser:"*"

Become superuser, assume an equivalent role, obtain the solaris.admin.idmap.rules RBAC authorization, or use the “Idmap Service Management” RBAC profile.

Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services. To configure a role with the Primary Administrator profile, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration.

Import the user mappings from standard input or from a file.
# idmap import [-F] [-f file] format
For example, suppose that you have a file called myusermaps that uses the usermap.cfg format to specify the following user name mappings:
# cat myusermaps dana@example.com == dana danab@example.com => dana
Use one of the following commands to add these mappings to the database:
- # cat myusermaps | idmap import usermap.cfg
- # idmap import -f myusermaps usermap.cfg

© 2010, Oracle Corporation and/or its affiliates