For information about formatting user and group names, see Formatting Group and User Names.
For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.3.
By default, identity mappings are bidirectional, which means that the Windows name is mapped to the Oracle Solaris name and the Oracle Solaris name is mapped to the Windows name. If you want the mapping to be unidirectional, specify the –d option.
To create a bidirectional mapping between a Windows user name and an Oracle Solaris user name:
# idmap add winuser:username@domain-name unixuser:username
To create a unidirectional mapping between a Windows user name and an Oracle Solaris user name:
# idmap add -d winuser:username@domain-name unixuser:username
To create a unidirectional mapping between an Oracle Solaris user name and a Windows user name:
# idmap add -d unixuser:username winuser:username@domain-name
If Windows uses a group identity as a file owner or a user identity as a file group, you need to create a diagonal mapping to map between a Windows group and an Oracle Solaris user and between an Oracle Solaris group and a Windows user.
To create a bidirectional mapping between a Windows group name and an Oracle Solaris group name:
# idmap add wingroup:group-name@domain-name unixgroup:group-name
To create a unidirectional mapping between a Windows group name and an Oracle Solaris group name:
# idmap add -d wingroup:group-name@domain-name unixgroup:group-name
To create a unidirectional mapping between an Oracle Solaris group name and a Windows group name:
# idmap add -d unixgroup:group-name wingroup:group-name@domain-name
To create a diagonal mapping between a Windows group name and an Oracle Solaris user name:
# idmap add -d wingroup:group-name@domain-name unixuser:username
To create a diagonal mapping between an Oracle Solaris group name and a Windows user name:
# idmap add -d unixgroup:group-name winuser:username@domain-name