To Define Identity Mappings for GSSAPI (Sun Java System Directory Server Enterprise Edition 6.3 Administration Guide)

Sun Java System Directory Server Enterprise Edition 6.3 Administration Guide

To Define Identity Mappings for GSSAPI

You cannot use DSCC to perform this task. Use the command line, as described in this procedure.

Create new mapping entries under cn=GSSAPI,cn=identity mapping, cn=config.

See Sun Java System Directory Server Enterprise Edition 6.3 Reference for the definition of the attributes in an identity mapping entry. Examples of GSSAPI mappings are located in instance-path/ldif/identityMapping_Examples.ldif.

The default GSSAPI mapping in this file assumes that the Principal contains only a user ID. This mapping determines a user in a fixed branch of the directory:

dn: cn=default,cn=GSSAPI,cn=identity mapping,cn=config
objectclass: dsIdentityMapping
objectclass: nsContainer
objectclass: top
cn: default
dsMappedDN: uid=\${Principal},ou=people,dc=example,dc=com

Another example in this file shows how to determine the user ID when the user ID is contained in a Principal that includes a known realm.

dn: cn=same_realm,cn=GSSAPI,cn=identity mapping,cn=config
objectclass: dsIdentityMapping
objectclass: dsPatternMatching
objectclass: nsContainer
objectclass: top
cn: same_realm
dsMatching-pattern: \${Principal}
dsMatching-regexp: (.*)@EXAMPLE.COM
dsMappedDN: uid=\$1,ou=people,dc=EXAMPLE,dc=COM

Restart Directory Server for your new mappings to take effect.