On Mon, Sep 29, 2008 at 12:48:35PM -0400, HUGE | Rob Terhaar wrote: > Hi All, > > On our solaris CIFS install, we're using IDMAP and ldapclient with win2k3 > r2's SFU attributes to map permanent UID/GID's and other attributes to > users. One problem that we're running into is that microsoft has two > separate places in AD for group membership, one for normal AD groups and one > for NIS groups. > > Is it possible to tell the solaris ldap client to use the AD groups for > group membership instead of the SFU posix groups? I've attached a copy of > our current ldapclient join command, I hope it's as simple as modifying the > ldap attribute that solaris uses to lookup group membership.
Doug Leavitt (cc'ed) will probably know. Nico > /usr/sbin/ldapclient -v manual \ > -a credentialLevel=proxy \ > -a authenticationMethod=simple \ > -a proxyDN=cn=user,dc=domain,dc=com \ > -a proxyPassword=password \ > -a defaultSearchBase=dc=domain,dc=com \ > -a domainName=domain.com \ > -a defaultServerList=dc1,dc2 \ > -a attributeMap=group:userpassword=userPassword \ > -a attributeMap=group:memberuid=memberUid \ > -a attributeMap=group:gidnumber=gidNumber \ > -a attributeMap=passwd:gecos=cn \ > -a attributeMap=passwd:gidnumber=gidNumber \ > -a attributeMap=passwd:uidnumber=uidNumber \ > -a attributeMap=passwd:homedirectory=unixHomeDirectory \ > -a attributeMap=passwd:loginshell=loginShell \ > -a attributeMap=shadow:shadowflag=shadowFlag \ > -a attributeMap=shadow:userpassword=userPassword \ > -a objectClassMap=group:posixGroup=group \ > -a objectClassMap=passwd:posixAccount=user \ > -a objectClassMap=shadow:shadowAccount=user \ > -a serviceSearchDescriptor=passwd:dc=domain,dc=com?sub \ > -a serviceSearchDescriptor=group:dc=domain,dc=com?sub > > > > _______________________________________________ > cifs-discuss mailing list > [email protected] > http://mail.opensolaris.org/mailman/listinfo/cifs-discuss _______________________________________________ cifs-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
