How to Remove a Directory-Based Name Mapping From a Group Object
-
Become superuser, assume an equivalent role, obtain the solaris.admin.idmap.rules RBAC authorization, or use the “Idmap Service Management” RBAC profile.
Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services. To configure a role with the Primary Administrator profile, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration.
-
View the directory-based name mapping information for the specified group.
# idmap get-namemap group-name
-
Remove the group name stored in the group object of AD or native LDAP.
-
Remove the Solaris name from the AD object for the specified group.
# idmap unset-namemap wingroup:group-name@domain-name
For example, the following command removes the Solaris name from the AD object for Windows group salesgrp@example.com:
# idmap unset-namemap wingroup:salesgrp@example.com
-
Remove the Windows name from the native LDAP object for the specified group.
# idmap unset-namemap unixgroup:group-name
For example, the following command removes the Windows name from the native LDAP object for Solaris group sales:
# idmap unset-namemap unixgroup:sales
-
- © 2010, Oracle Corporation and/or its affiliates