How to Add a Directory-Based Name Mapping to a User or Group Object

This procedure shows how to perform the following directory-based name mappings:

  • Mapping a Windows user or group to an Oracle Solaris user or group by adding the Oracle Solaris user or group name to the AD object for the specified Windows user or group.

  • Mapping an Oracle Solaris user or group to a Windows user or group by adding the Windows user or group name to the native LDAP object for the specified Oracle Solaris user or group.

For more information about the idmap set-namemap command and its options, see the idmap(8) man page.

  1. Become an administrator.
  2. Determine whether to augment a user or group object in AD or in the native LDAP service.
    • Augment a user object.

      • To augment the Windows user object in AD:

        $ idmap set-namemap winuser:wusername@domain-name unixuser:uusername

        For example, the following command maps Windows user first@example.com to Oracle Solaris user firstlast by adding the Oracle Solaris name to the AD object for first@example.com.

        $ idmap set-namemap winuser:first@example.com unixuser:firstlast
      • To augment the Oracle Solaris user object in native LDAP:

        $ idmap set-namemap unixuser:uusername winuser:wusername@domain-name

        For example, the following command maps Oracle Solaris user firstlast to Windows user first@example.com by adding the Windows name to the native LDAP object for firstlast.

        $ idmap set-namemap unixuser:firstlast winuser:first@example.com
    • Augment a group object.

      • To augment the Windows group object in AD:

        $ idmap set-namemap wingroup:group-name@domain-name unixgroup:group-name

        For example, the following command maps the Windows group salesgrp@example.com to the Oracle Solaris group sales by adding the Oracle Solaris name to the AD object for salesgrp@example.com.

        $ idmap set-namemap wingroup:salesgrp@example.com unixgroup:sales
      • To augment the Oracle Solaris group object in native LDAP:

        $ idmap set-namemap unixgroup:group-name wingroup:group-name@domain-name

        For example, the following command maps the Oracle Solaris group sales to the Windows group salesgrp@example.com by adding the Windows name to the native LDAP object for sales.

        $ idmap set-namemap unixgroup:sales wingroup:salesgrp@example.com
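The following dry-run check is an added example, not part of the original procedure or of Oracle's tooling. It validates a mapping pair before you run it and reports which directory object the command would augment. The function names `parse_identity` and `namemap_plan`, the exit codes, and the conservative character allow-list are assumptions of this example.

```shell
# Added example: dry-run validator for directory-based name mappings.
# It never runs idmap; it only prints the command that would be run.

# Split "type:name" into $id_type and $id_name.
parse_identity() {
    case "$1" in
        *:*) id_type=${1%%:*}; id_name=${1#*:} ;;
        *)   return 1 ;;
    esac
    [ -n "$id_name" ]
}

# namemap_plan IDENTITY1 IDENTITY2
# Prints "<directory>: idmap set-namemap IDENTITY1 IDENTITY2" or an error.
namemap_plan() {
    parse_identity "$1" || { echo "error: bad identity '$1'" >&2; return 2; }
    t1=$id_type n1=$id_name
    parse_identity "$2" || { echo "error: bad identity '$2'" >&2; return 2; }
    t2=$id_type n2=$id_name

    # The first identity names the object that is augmented; users pair
    # only with users and groups only with groups.
    case "$t1/$t2" in
        winuser/unixuser|wingroup/unixgroup) target="AD"; win=$n1; unix=$n2 ;;
        unixuser/winuser|unixgroup/wingroup) target="native LDAP"; win=$n2; unix=$n1 ;;
        *) echo "error: cannot map '$t1' to '$t2'" >&2; return 3 ;;
    esac

    # Windows names in this procedure are always written name@domain-name.
    case "$win" in
        ?*@?*) ;;
        *) echo "error: Windows name '$win' lacks @domain-name" >&2; return 4 ;;
    esac
    # Assumption of this example: a conservative allow-list; widen it if
    # your site's names legitimately need other characters.
    case "$win$unix" in
        *[!A-Za-z0-9._@-]*) echo "error: unexpected character in name" >&2; return 5 ;;
    esac
    echo "$target: idmap set-namemap $1 $2"
}

# Constructed sample batch; the last two lines are deliberately wrong.
while read -r a b; do
    namemap_plan "$a" "$b" || echo "  skipped: $a $b"
done <<'EOF'
winuser:first@example.com unixuser:firstlast
unixgroup:sales wingroup:salesgrp@example.com
winuser:first@example.com unixgroup:sales
unixuser:firstlast winuser:first
EOF
```

Review the printed plan, then run the accepted `idmap set-namemap` lines as an administrator.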