This procedure shows how to perform the following directory-based name mapping:
Mapping a Windows user or group to an Oracle Solaris user or group by adding the Oracle Solaris user or group name to the AD object for the specified Windows user.
Mapping an Oracle Solaris user or group to a Windows user by adding the Windows user or group name to the native LDAP object for the specified Oracle Solaris user or group.
For more information about the idmap set-namemap command and its options, see the idmap (1M) man page.
For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.2 .
To augment the Windows user object in AD:
# idmap set-namemap winuser:username@domain-name unixuser:username
For example, the following command maps Windows user maryb@example.com to Oracle Solaris user mary by adding the Oracle Solaris name to the AD object for maryb@example.com.
# idmap set-namemap winuser:maryb@example.com unixuser:mary
To augment the Oracle Solaris user object in native LDAP:
# idmap set-namemap unixuser:username winuser:username@domain-name
For example, the following command maps Oracle Solaris user mary to Windows user maryb@example.com by adding the Windows name to the native LDAP object for mary.
# idmap set-namemap unixuser:mary winuser:maryb@example.com
To augment the Windows group object in AD:
# idmap set-namemap wingroup:group-name@domain-name unixgroup:group-name
For example, the following command maps the Windows group salesgrp@example.com to the Oracle Solaris group sales by adding the Oracle Solaris name to the AD object for salesgrp@example.com.
# idmap set-namemap wingroup:salesgrp@example.com unixgroup:sales
To augment the Oracle Solaris group object in native LDAP:
# idmap set-namemap unixgroup:group-name wingroup:group-name@domain-name
For example, the following command maps the Oracle Solaris group sales to the Windows group salesgrp@example.com by adding the Windows name to the native LDAP object for sales.
# idmap set-namemap unixgroup:sales wingroup:salesgrp@example.com