Adding a UNIX user or group profile to an Active Directory user or group object requires you to know the security identifier (SID) for the Active Directory user or Active Directory group. This information is necessary to link the UNIX attributes in the UNIX profile to its corresponding Active Directory account. One way to get this information is to use the Windows Server directory service command-line tool dsquery to return the SID for a specific user:
dsquery user -samid user | dsget user -sid -samid
For example, to list the samAccount name and SID for the user with the samaccountname jane:
dsquery user -samid jane | dsget user -sid -samid
Note: For more information on using dsquery, search for the command on the Microsoft website.
Once you have identified the SID for a user or group, you can use the ldapadd command to add a profile for the user or group to the zone.
The following example illustrates how to add user “joe” to “zone1” where “zone1” is a classic RFC 2307-compliant zone:
ldapadd -H ldap://mydc.acme.com << END_DATA dn: CN=joe,CN=Users,cn=zone1,cn=myzones,dc=acme,dc=com objectClass: posixAccount objectClass: serviceConnectionPoint cn: joe displayName: \$CimsUserVersion3 showInAdvancedViewOnly: TRUE name: joe keywords: unix_enabled:True keywords: parentLink:S-1-5-21-397955417-626881126-188441444-512 uid: joe uidNumber: 123 gidNumber: 234 unixHomeDirectory: /home/joe loginShell: /bin/bash END_DATA
The following example illustrates how to add the user profile “joe” to “zone1” where “zone1” is a Standard zone:
ldapadd -H ldap://mydc.acme.com << END_DATA dn: CN=joe,CN=Users,cn=zone1,cn=myzones,dc=acme,dc=com objectClass: serviceConnectionPoint cn: joe displayName: \$CimsUserVersion2 showInAdvancedViewOnly: TRUE name: joe keywords: unix_enabled:True keywords: parentLink:S-1-5-21-397955417-626881126-188441444-512 keywords: uid:123 keywords: gid:234 keywords: home:/home/joe keywords: shell:/bin/bash END_DATA
Doc Feedback