Oracle^® ZFS Storage Appliance Administration Guide, Release OS8.7.x

Configuring Identity Mapping (CLI)

Use the following procedure to configure identity mapping.

Before You Begin

Ensure that you are joined to at least one Active Directory domain.

1. Go to configuration services idmap.
2. Enter get to view the identity mapping properties.

   hostname:configuration services idmap> get
       
   <status> = online
   ad_unixuser_attr = 
   ad_unixgroup_attr = 
   nldap_winname_attr = 
   directory_based_mapping = none
       
          The three *_attr properties correspond to the three fields on C>S>Identity
         Mapping>Properties.

3. Set directory_based_mapping to one of the following mapping modes.
   • To use rule-based mapping, set directory_based_mapping to none.

     hostname:configuration services idmap> set directory_based_mapping=none
     hostname:configuration services idmap>

   • To use directory-based mapping, set directory_based_mapping to name and assign each of the following attributes.

     • ad_unixuser_attr - Name in the Active Directory database of the equivalent UNIX user name

     • ad_unixgroup_attr - Name in the Active Directory database of the equivalent UNIX group name

     • nldap_winname_attr - Name in the LDAP database of the equivalent Windows identity

     hostname:configuration services idmap> set directory_based_mapping=name
     hostname:configuration services idmap> set ad_unixuser_attr=demo_unixuser
     hostname:configuration services idmap> set ad_unixgroup_attr=demo_group
     hostname:configuration services idmap> set nldap_winname_attr=demo_winuser

   • To use Identity Management for UNIX (IDMU), set directory_based_mapping to idmu.

     hostname:configuration services idmap> set directory_based_mapping=idmu
     hostname:configuration services idmap>

Related Topics

• For information on the different mapping modes, see Identity Mapping Concepts.

• To create an "allow" or "deny" mapping rule, see Creating a Mapping Rule (CLI).