How to Add a User or Group Mapping Rule

For information about formatting user and group names, see Formatting Group and User Names.

  1. Become an administrator.
  2. Create the mapping.

    By default, identity mappings are bidirectional, which means that the Windows name is mapped to the Oracle Solaris name and the Oracle Solaris name is mapped to the Windows name. If you want the mapping to be unidirectional, specify the -d option.

    • Create a user mapping.

      • To create a bidirectional mapping between a Windows user name and an Oracle Solaris user name:

        $ idmap add winuser:username@domain-name unixuser:username
      • To create a unidirectional mapping between a Windows user name and an Oracle Solaris user name:

        $ idmap add -d winuser:username@domain-name unixuser:username
      • To create a unidirectional mapping between an Oracle Solaris user name and a Windows user name:

        $ idmap add -d unixuser:username winuser:username@domain-name
    • Create a group mapping.

      If Windows uses a group identity as a file owner or a user identity as a file group, you need to create a diagonal mapping, that is, a mapping between a Windows group and an Oracle Solaris user or between an Oracle Solaris group and a Windows user.

      • To create a bidirectional mapping between a Windows group name and an Oracle Solaris group name:

        $ idmap add wingroup:group-name@domain-name unixgroup:group-name
      • To create a unidirectional mapping between a Windows group name and an Oracle Solaris group name:

        $ idmap add -d wingroup:group-name@domain-name unixgroup:group-name
      • To create a unidirectional mapping between an Oracle Solaris group name and a Windows group name:

        $ idmap add -d unixgroup:group-name wingroup:group-name@domain-name
      • To create a diagonal mapping between a Windows group name and an Oracle Solaris user name:

        $ idmap add -d wingroup:group-name@domain-name unixuser:username
      • To create a diagonal mapping between an Oracle Solaris group name and a Windows user name:

        $ idmap add -d unixgroup:group-name winuser:username@domain-name
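
The rule forms above differ only in the -d option and in the identity types on each side, so a rule file is easy to review before it is applied. The following script is an added example, not part of the original procedure: it reads rules in the idmap add form, reports each rule's direction and whether it is a user, group, or diagonal mapping, and rejects malformed rules. It only inspects text and never runs idmap; the function names classify_rule and review_rules and the sample names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify rules written in the "idmap add" form used on this page.
# All names in the sample rules (terry, staff, example.com) are constructed.

# Print "<direction> <kind> <first> <arrow> <second>" for one rule, or "invalid".
# The body runs in a subshell so that "set -f" and the variables stay local.
classify_rule() (
    set -f                      # do not glob-expand words of the rule
    set -- $1                   # split the rule into words
    case ${1-} in idmap) shift ;; esac
    case ${1-} in add) shift ;; esac
    direction=bidirectional arrow='<->'
    case ${1-} in -d) direction=unidirectional arrow='->'; shift ;; esac
    [ $# -eq 2 ] || { echo invalid; exit 1; }
    for id in "$1" "$2"; do     # each side must look like type:name
        case $id in ?*:?*) ;; *) echo invalid; exit 1 ;; esac
    done
    case "${1%%:*}/${2%%:*}" in
        winuser/unixuser|unixuser/winuser)     kind=user ;;
        wingroup/unixgroup|unixgroup/wingroup) kind=group ;;
        wingroup/unixuser|unixuser/wingroup)   kind=diagonal ;;
        winuser/unixgroup|unixgroup/winuser)   kind=diagonal ;;
        *) echo invalid; exit 1 ;;  # e.g. both sides Windows, or unknown type
    esac
    echo "$direction $kind $1 $arrow $2"
)

# Classify every rule on stdin; return non-zero if any rule is rejected.
review_rules() {
    status=0
    while IFS= read -r line; do
        case $line in ''|'#'*) continue ;; esac
        classify_rule "$line" || { echo "  rejected: $line" >&2; status=1; }
    done
    return $status
}

# Constructed sample rules in the forms listed above.
review_rules <<'EOF'
idmap add winuser:terry@example.com unixuser:terry
idmap add -d unixgroup:staff wingroup:staff@example.com
idmap add -d wingroup:staff@example.com unixuser:terry
EOF
```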