■ ad_unixgroup_attr - Name in the Active Directory database of the equivalent UNIX group name
■ nldap_winname_attr - Name in the LDAP database of the equivalent Windows identity
hostname:configuration services idmap> set directory_based_mapping=name
hostname:configuration services idmap> set ad_unixuser_attr=demo_unixuser
hostname:configuration services idmap> set ad_unixgroup_attr=demo_group
hostname:configuration services idmap> set nldap_winname_attr=demo_winuser
■ To use Identity Management for UNIX (IDMU), set directory_based_mapping to idmu.
hostname:configuration services idmap> set directory_based_mapping=idmu
hostname:configuration services idmap>
Related Topics
■ For information on the different mapping modes, see “Identity Mapping Concepts” on page 308.
■ To create an "allow" or "deny" mapping rule, see “Creating a Mapping Rule (CLI)” on page 302.
Creating a Mapping Rule (BUI)
Use the following procedure to grant or deny credentials for specific users through the identity
mapping service. An "allow" mapping rule grants Windows identity credentials from a UNIX
identity or vice versa. A "deny" mapping rule blocks a Windows identity from receiving the
credentials of a UNIX identity or vice versa.
Note - If you create a mapping rule that blocks a particular user, and the user's name then
changes, the mapping no longer blocks that user.
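The caveat in the note above can be checked periodically. The following is an added example, not part of the appliance documentation or software: it compares the Windows names used in deny rules against a directory export and flags rules that a rename has made ineffective. The Account record, its rename history, and all sample names and SIDs are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Account:
    sid: str                    # stable identifier, unchanged by a rename
    current_name: str
    previous_names: tuple = ()  # hypothetical rename history from a directory export

def _norm(name):
    # Assumption: names are compared case-insensitively.
    return name.strip().casefold()

def audit_deny_rules(deny_names, accounts):
    """Classify each name-based deny rule against the current directory state."""
    current = {_norm(a.current_name): a for a in accounts}
    findings = []
    for rule_name in deny_names:
        key = _norm(rule_name)
        # Accounts that used to carry this name but no longer do.
        renamed = [a for a in accounts
                   if key in map(_norm, a.previous_names)
                   and _norm(a.current_name) != key]
        holder = current.get(key)
        if holder and renamed:
            status = "reassigned"  # name reused; the originally blocked user is unblocked
        elif renamed:
            status = "stale"       # blocked user was renamed; rule matches nobody
        elif holder:
            status = "active"      # rule still matches the intended name
        else:
            status = "orphan"      # no current or past account has this name
        findings.append({"rule": rule_name, "status": status,
                         "unblocked_sids": [a.sid for a in renamed],
                         "suggested_names": [a.current_name for a in renamed]})
    return findings

# Constructed sample data (not taken from any real directory).
ACCOUNTS = [
    Account("S-1-5-21-1111-1001", "jdoe@example.com"),
    Account("S-1-5-21-1111-1002", "asmith-jones@example.com", ("asmith@example.com",)),
    Account("S-1-5-21-1111-1003", "bwong2@example.com", ("bwong@example.com",)),
    Account("S-1-5-21-1111-1004", "bwong@example.com"),
]
DENY_RULES = ["JDoe@example.com", "asmith@example.com",
              "bwong@example.com", "ghost@example.com"]

if __name__ == "__main__":
    for finding in audit_deny_rules(DENY_RULES, ACCOUNTS):
        print(finding)
```

Rules reported as stale or reassigned need a new deny rule for each name listed in suggested_names.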
Before You Begin
Configure rule-based mapping as described in “Configuring Identity Mapping
(BUI)” on page 299.
1. Go to Configuration > Services > Identity Mapping > Rules.
2. Click the add item icon next to Rules.
3. In the Add Mapping Rule dialog box, choose either Allow or Deny for the mapping type.