Adding a mapper program to the agent

To implement group policies for UNIX computers and users, you need to create the custom scripts or programs that modify the appropriate UNIX configuration files or settings. You can create the programs or scripts using the programming or scripting language of your choice. Most of the Centrify policies use Perl scripts and you can use those scripts for models if you choose to use Perl.

Once you create a program or script to implement a group policy, you need to:

  • Place the program or script in the /usr/share/centrifydc/mappers/machine directory if it is a computer configuration group policy, or in the /usr/share/centrifydc/mappers/user/user_name directory if it is a user configuration group policy.
  • Make the program or script an executable file.
  • Use the runmappers command to test that the program or script works as expected and updates the appropriate configuration file.

By default, when you use the runmappers command, it executes all of the programs in both the /usr/share/centrifydc/mappers/machine and the /usr/share/centrifydc/mappers/user/user_name directories. Optionally, you can run the command to only execute your custom program. For example, if you have created an executable script called setport.pl as a UNIX computer configuration policy and placed the file in the /usr/share/centrifydc/mappers/machine directory, you could use a command similar to the following to execute the script along with the other computer configuration mapper programs and test its behavior:

runmappers machine map

Note:   To run the mapping programs for a user, you must specify the user’s UNIX login name to identify which user’s group policies should be mapped or unmapped. For example, to run the mapping programs for the UNIX user account jgarcia in the /usr/share/centrifydc/mappers/user/jgarcia directory, you could use a command similar to the following:

runmappers user jgarcia map