Listing users in RFC 2307-compliant zones

In a standard RFC 2307-compliant zone, listing user account information requires the following permissions:

Select this target object To apply these permissions

The serviceConnectionPoint object for the user account

Click the Properties tab and select Allow to apply the following properties to this object for each user included in the list:

  • Read displayName
  • Read keywords
  • Read managedBy
  • Read objectClass
  • Read uid to display the UNIX name
  • Read uidNumber to display the UNIX UID
  • Read gidNumber to display the GID of the user’s primary group
  • Read logonShell to display the default shell for the user
  • Read unixHomeDirectory to display the user’s home directory
  • Read Public Information to display the userPrincipalName for the user