Using Directory-Based Name Mapping

Directory-based name mappings are stored globally, and each mapping is configured individually. Use this method if many SMB servers are being used in your environment.

If you decide to use directory-based mappings, use one of the following guidelines to determine which naming service or services to employ:

  • If you have already deployed AD or native LDAP, use that naming service.

  • For one-to-one mappings, if you have few native LDAP domains and do most of your administration in AD, choose AD-only mode. Otherwise, choose native LDAP-only mode.

    If you need more flexibility than what one-to-one mappings offer, use mixed mode: both AD and native LDAP. For example, to map Windows entities to one native LDAP user, group, or both, use mixed mode. Similarly, use mixed mode to map multiple native LDAP users or groups to one Windows entity.

  • You can employ directory-based mapping and name-based rules.

Use the following method to configure directory-based mapping:

  1. Extend the AD schema, the native LDAP schema, or both, with new attributes to represent a UNIX user name, a UNIX group name, or a Windows name. Also, populate the AD or native LDAP user and group objects, or both types of objects, with the appropriate attribute and value. See How to Extend the Active Directory Schema, and User and Group Entries and How to Extend the Native LDAP Schema, and User and Group Entries.


    If you do not want to modify the schema and suitable attributes already exist in either AD or native LDAP, use those attributes.
  2. Enable directory-based mapping, and inform the idmap service about the attributes to be used. See How to Configure Directory-Based Mapping.