Identity Mapping Service

The Oracle Solaris OS includes an identity mapping service that enables you to map identities between Oracle Solaris systems and Windows systems.

This identity mapping service supports the following types of mappings between Windows identities and Oracle Solaris user IDs and group IDs (UIDs and GIDs):

  • Directory-based mapping. Uses mapping information that is stored in a name service directory along with other user or group information. The idmap service supports the following types of directory-based mappings:

    • Directory-based name mapping. Uses name mapping information that is stored in user or group objects in Active Directory (AD), the native LDAP directory service, or both, to map users and groups.

    • Identity Management for UNIX (IDMU) directory mapping. Uses UID and GID information that is stored in the AD data for the Windows user or group. IDMU is an optional AD component that was introduced in Windows Server 2003R2.

  • Rule-based mapping. Uses idmap rules to map Windows and Oracle Solaris users and groups by name.

  • Ephemeral ID mapping. A UID or GID is dynamically allocated as needed for every Windows identity that is not already mapped. Ephemeral ID mapping is used by default.

  • Local ID mapping. UNIX identities without explicit mappings are automatically mapped to equivalent Windows local identities.

You use the idmap command to create, manage, and monitor mappings.

For more information about mapping user and group identities, see Mapping User and Group Identities. For information about how to determine your identity mapping strategy, see Creating Your Identity Mapping Strategy. For instructions about how to use the idmap command, see Managing Directory-Based Name Mapping for Users and Groups, Managing Rule-Based Identity Mapping for Users and Groups, and the idmap(8) man page.