This is exactly what I have done now, but doing a getent group linuxadmin shows me only:
r...@filer2:~# getent passwd fm1007 fm1007:x:10023:10000002:Florian Manschwetus:/home/fm1007:/bin/bash r...@filer2:~# getent group linuxadmin LinuxAdmin::1000000: On my linux machine (configured in the same way): trac:~# getent passwd fm1007 fm1007:*:10023:10000002:Florian Manschwetus:/home/fm1007:/bin/bash trac:~# getent group linuxadmin LinuxAdmin:*:1000000:schnitt,fm1007,jschroed,erwin my ldap config script: cat ldapclientconfig.sh #!/bin/bash /usr/sbin/ldapclient -v manual \ -a credentialLevel=self \ -a authenticationMethod=sasl/GSSAPI \ -a defaultSearchBase=DC=ntdom,DC=changed,DC=de \ -a domainName=ntdom.changed.de \ -a defaultServerList=dc1,dc2 \ -a defaultSearchScope=sub \ -a attributeMap=passwd:gecos=displayname \ -a attributeMap=passwd:homedirectory=unixHomeDirectory \ -a objectClassMap=shadow:shadowAccount=user \ -a objectClassMap=group:posixGroup=group \ -a objectClassMap=passwd:posixAccount=user \ -a serviceSearchDescriptor=group:ou=Groups,dc=ntdom,dc=changed,dc=de?sub \ -a serviceSearchDescriptor=passwd:ou=Accounts,dc=ntdom,dc=changed,dc=de?sub I really need a hint. thx, florian Julian Pullen schrieb: > Florian, > > I am not on the opensolaris-discuss alias so please include me on reply. > > idmap is for mapping Solaris identities to Windows identities. It does > name based mapping. It coverts SIDs, UIDs and GID to names and hence maps > a Windows name to a Solaris name. > > We currently don't have a naming backend that understands Active Directory, > but you can use the current LDAP backend if you use Windows "Identity > Mangement > for UNIX" and a some LDAP attribute mapping. See > http://www.sun.com/bigadmin/features/articles/kerberos_s10.jsp > > Regards > > Julian > > > > > > Florian Manschwetus wrote: >> Our ActiveDiretory (based on 2003 R2) is extended using ServicesForUnix, >> so there are fields for numericUID, numericGID, unixhomedir, loginshell >> and so on, in short all (at least for my linux stuff) what is needed to >> define *nix users. But idmap doesn't use it, it generates new mappings >> on demand what is not what I intended. Could some one tell me more >> detailed stuff about the fields used for mapping and what data is >> expected to be there. >> I have read a lot of the referenced documentation but nothing seems to >> really fit to my problem / setup. >> >> thanks, >> florian >> >> >> ------------------------------------------------------------------------ >> >> _______________________________________________ >> opensolaris-discuss mailing list >> opensolaris-discuss@opensolaris.org >
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ opensolaris-discuss mailing list opensolaris-discuss@opensolaris.org