Viewing a Mapping for a Particular Identity

Use the idmap show command to view the particular name or ID for a name or ID that you specify.

To show the equivalent identity for a particular name or ID:

$ idmap show [-c] [-v] identity [target-type]

By default, the idmap show command only shows mappings that have already been established.

For example, to view the SID that is mapped to UID 2147926017, you would type:

$ idmap show uid:2147926017 sid
uid:2147926017 -> sid:S-1-5-21-721821396-1083305290-3049112724-500

To view the Oracle Solaris user name for the Windows user name administrator@example.com, you would type:

$ idmap show administrator@example.com
winuser:administrator@example.com -> uid:2147926017

If you specify the -c option, idmap show forces the evaluation of rule-based mapping configurations or the dynamic allocation of IDs. This command also shows mapping information when an error occurs to help diagnose mapping problems.

The -v option includes additional information about how the identity mapping was generated, which can help with troubleshooting. The following example shows that the mapping is ephemeral and was retrieved from the cache:

$ idmap show -v sid:S-1-5-21-2949573101-2750415176-3223191819-884217
sid:S-1-5-21-2949573101-2750415176-3223191819-884217 -> uid:2175201213
Source: Cache
Method: Ephemeral

For name-based mappings, the idmap show -v command shows either the mapping rule or the directory distinguished name with the attribute and value that created the mapping.