Nicolas Williams wrote:
> On Tue, Feb 05, 2008 at 09:14:09AM -0800, Rob Nelson wrote:
>> Is there some documentation on how to map solaris LDAP schema to
>> Windows AD schema for using the new "AD-only" idmapping mode that came
>> in from 2007/663 in snv_b81?
>
> I don't know what official Sun docs document the schema mapping
> procedures for nss_ldap, but I've certainly found plenty of material on
> the web, this being the most salient:
>
> http://blog.scottlowe.org/?p=447
>
> (Scroll down to "Configuring LDAP".)
>
>> How does one put idmap in AD-only mode, and then insure that the
>> RFC2307 schema in Windows AD is used?
>
> You don't have to do anything at all for idmap to be in AD-only mode.
> By default it only does ephemeral ID mapping (for SID->UID/GID mapping)
> and local SID mapping (for non-ephemeral UID/GID->SID mapping).

Is this the compulsory mode of operation now? I noticed that since
going from 77 to 81, I am no longer able to connect from my win-XP or
win-Vista systems. The message I see is

Feb 6 15:33:12 farnarkle idmap[7189]: [ID 678313 daemon.error] Failed to create request for AD lookup by winname

>> I have installed "Unix Services" under W2K3 Server which gives AD the
>> RFC2307 schema support, but how does one configure the idmap side?
>
> One doesn't configure idmap so much as the native LDAP client.
>
> The configuration involves installing schema mapping information. That
> is, running ldapclient(1M) with -a arguments to setup attributeMap,
> objectClassMap, ...

Is there a minimum schema definition which idmapd requires?

thanks,
James
--
Senior Kernel Software Engineer, Solaris
Sun Microsystems
http://blogs.sun.com/jmcp http://www.jmcp.homeunix.com/blog
