See below.

James C. McPherson wrote:
> Nicolas Williams wrote:
>> On Tue, Feb 05, 2008 at 09:14:09AM -0800, Rob Nelson wrote:
>>> Is there some documentation on how to map solaris LDAP schema to
>>> Windows AD schema for using the new "AD-only" idmapping mode that came
>>> in from 2007/663 in snv_b81?
>> I don't know what official Sun docs document the schema mapping
>> procedures for nss_ldap, but I've certainly found plenty of material on
>> the web, this being the most salient:
>>
>> http://blog.scottlowe.org/?p=447
>>
>> (Scroll down to "Configuring LDAP".)
>>
>>> How does one put idmap in AD-only mode, and then ensure that the
>>> RFC2307 schema in Windows AD is used?  
>> You don't have to do anything at all for idmap to be in AD-only mode.
>> By default it only does ephemeral ID mapping (for SID->UID/GID mapping)
>> and local SID mapping (for non-ephemeral UID/GID->SID mapping).
> 
> Is this the compulsory mode of operation now? I noticed that since
> going from 77 to 81, I am no longer able to connect from my win-XP
> or win-Vista systems. The message I see is
> 
> 
> Feb  6 15:33:12 farnarkle idmap[7189]: [ID 678313 daemon.error] Failed to 
> create request for AD lookup by winname

idmapd only maps identities between Windows and Solaris. Currently the 
only user of this service is the CIFS server. If you want to use idmap
with AD you must configure the CIFS server to perform an AD join.
idmapd does not require any extra schema definitions. It does not
use the RFC2307 schema. It knows how to search AD to translate SIDs to 
Windows names.

> 
> 
> 
>>> I have installed "Unix Services" under W2K3 Server which gives AD the
>>> RFC2307 schema support, but how does one configure the idmap side?
>> One doesn't configure idmap so much as the native LDAP client.
>>
>> The configuration involves installing schema mapping information.  That
>> is, running ldapclient(1M) with -a arguments to setup attributeMap,
>> objectClassMap, ...
> 
> Is there a minimum schema definition which idmapd requires?

> 
> 
> thanks,
> James
> --
> Senior Kernel Software Engineer, Solaris
> Sun Microsystems
> http://blogs.sun.com/jmcp     http://www.jmcp.homeunix.com/blog
> _______________________________________________
> sparks-discuss mailing list
> [EMAIL PROTECTED]
> http://mail.opensolaris.org/mailman/listinfo/sparks-discuss
_______________________________________________
storage-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/storage-discuss
