Hi All,

On our Solaris CIFS install, we're using IDMAP and ldapclient with Win2k3
R2's SFU attributes to map permanent UIDs/GIDs and other attributes to
users. One problem that we're running into is that Microsoft has two
separate places in AD for group membership, one for normal AD groups and one
for NIS groups.

Is it possible to tell the Solaris LDAP client to use the AD groups for
group membership instead of the SFU POSIX groups? I've attached a copy of
our current ldapclient join command; I hope it's as simple as modifying the
LDAP attribute that Solaris uses to look up group membership.

/usr/sbin/ldapclient -v manual \
-a credentialLevel=proxy \
-a authenticationMethod=simple \
-a proxyDN=cn=user,dc=domain,dc=com \
-a proxyPassword=password \
-a defaultSearchBase=dc=domain,dc=com \
-a domainName=domain.com \
-a defaultServerList=dc1,dc2 \
-a attributeMap=group:userpassword=userPassword \
-a attributeMap=group:memberuid=memberUid \
-a attributeMap=group:gidnumber=gidNumber \
-a attributeMap=passwd:gecos=cn \
-a attributeMap=passwd:gidnumber=gidNumber \
-a attributeMap=passwd:uidnumber=uidNumber \
-a attributeMap=passwd:homedirectory=unixHomeDirectory \
-a attributeMap=passwd:loginshell=loginShell \
-a attributeMap=shadow:shadowflag=shadowFlag \
-a attributeMap=shadow:userpassword=userPassword \
-a objectClassMap=group:posixGroup=group \
-a objectClassMap=passwd:posixAccount=user \
-a objectClassMap=shadow:shadowAccount=user \
-a serviceSearchDescriptor=passwd:dc=domain,dc=com?sub \
-a serviceSearchDescriptor=group:dc=domain,dc=com?sub



_______________________________________________
cifs-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
