Add a user to a classic zone

Adding a UNIX user or group profile to an Active Directory user or group object requires you to know the security identifier (SID) for the Active Directory user or Active Directory group. This information is necessary to link the UNIX attributes in the UNIX profile to its corresponding Active Directory account. One way to get this information is to use the Windows Server directory service command-line tool dsquery to return the SID for a specific user:

dsquery user -samid user | dsget user -sid -samid

For example, to list the sAMAccountName and SID for the user whose sAMAccountName is jane:

dsquery user -samid jane | dsget user -sid -samid

Note: For more information on using dsquery, search for the command on the Microsoft website.

Once you have identified the SID for a user or group, you can use the ldapadd command to add a profile for the user or group to the zone.

The following example illustrates how to add user “joe” to “zone1” where “zone1” is a classic RFC 2307-compliant zone:

ldapadd -H ldap://mydc.acme.com << END_DATA
dn: CN=joe,CN=Users,cn=zone1,cn=myzones,dc=acme,dc=com
objectClass: posixAccount
objectClass: serviceConnectionPoint
cn: joe
displayName: \$CimsUserVersion3
showInAdvancedViewOnly: TRUE
name: joe
keywords: unix_enabled:True
keywords: parentLink:S-1-5-21-397955417-626881126-188441444-512
uid: joe
uidNumber: 123
gidNumber: 234
unixHomeDirectory: /home/joe
loginShell: /bin/bash
END_DATA

The following example illustrates how to add the user profile “joe” to “zone1” where “zone1” is a Standard zone:

ldapadd -H ldap://mydc.acme.com << END_DATA
dn: CN=joe,CN=Users,cn=zone1,cn=myzones,dc=acme,dc=com
objectClass: serviceConnectionPoint
cn: joe
displayName: \$CimsUserVersion2
showInAdvancedViewOnly: TRUE
name: joe
keywords: unix_enabled:True
keywords: parentLink:S-1-5-21-397955417-626881126-188441444-512
keywords: uid:123
keywords: gid:234
keywords: home:/home/joe
keywords: shell:/bin/bash
END_DATA
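The two profile layouts above differ only in a few attributes, so the LDIF can be generated from checked inputs instead of being typed by hand. The following is an added example, not part of the original documentation or the product's tooling: the function name zone_profile_ldif, its argument order and its character-set rules are assumptions. It rejects a malformed SID, non-numeric IDs, and any value containing a newline before emitting LDIF.

```shell
#!/bin/sh
# Added example: build the zone-profile LDIF shown above from validated inputs.
# zone_profile_ldif and its argument order are hypothetical, not a vendor tool.
# usage: zone_profile_ldif classic|standard USER SID UID GID HOME SHELL ZONE_DN
zone_profile_ldif() {
    [ "$#" -eq 8 ] || { echo "expected 8 arguments" >&2; return 2; }
    ztype=$1 user=$2 sid=$3 uid=$4 gid=$5 home=$6 shell=$7 zone_dn=$8
    nl='
'
    case $ztype in
        classic)  ver=3 ;;   # classic RFC 2307 zone uses $CimsUserVersion3
        standard) ver=2 ;;   # Standard zone uses $CimsUserVersion2
        *) echo "zone type must be classic or standard" >&2; return 2 ;;
    esac
    # A newline in any value would start a new LDIF line (attribute injection).
    case "$*" in *"$nl"*) echo "newline in argument" >&2; return 1 ;; esac
    # Login name: conservative character set, so no DN or LDIF metacharacters.
    case $user in ''|*[!A-Za-z0-9._-]*) echo "bad user name" >&2; return 1 ;; esac
    # SID: S-1-<authority>-<sub-authority>..., digits and single dashes only.
    case $sid in S-1-[0-9]*-[0-9]*) ;; *) echo "bad SID" >&2; return 1 ;; esac
    case ${sid#S-1-} in *[!0-9-]*|*--*|*-) echo "bad SID" >&2; return 1 ;; esac
    for n in "$uid" "$gid"; do
        case $n in ''|*[!0-9]*) echo "uid/gid not numeric" >&2; return 1 ;; esac
    done
    for p in "$home" "$shell"; do
        case $p in /*) ;; *) echo "path not absolute" >&2; return 1 ;; esac
        case $p in *[!A-Za-z0-9._/-]*) echo "bad path" >&2; return 1 ;; esac
    done
    case $zone_dn in *=*) ;; *) echo "bad zone DN" >&2; return 1 ;; esac
    printf 'dn: CN=%s,CN=Users,%s\n' "$user" "$zone_dn"
    if [ "$ztype" = classic ]; then
        printf 'objectClass: posixAccount\n'
    fi
    printf 'objectClass: serviceConnectionPoint\ncn: %s\n' "$user"
    printf 'displayName: $CimsUserVersion%s\n' "$ver"
    printf 'showInAdvancedViewOnly: TRUE\nname: %s\n' "$user"
    printf 'keywords: unix_enabled:True\nkeywords: parentLink:%s\n' "$sid"
    if [ "$ztype" = classic ]; then
        printf 'uid: %s\nuidNumber: %s\ngidNumber: %s\n' "$user" "$uid" "$gid"
        printf 'unixHomeDirectory: %s\nloginShell: %s\n' "$home" "$shell"
    else
        printf 'keywords: uid:%s\nkeywords: gid:%s\n' "$uid" "$gid"
        printf 'keywords: home:%s\nkeywords: shell:%s\n' "$home" "$shell"
    fi
}
```

The function writes the LDIF to standard output, so its output can be piped to the same ldapadd -H ldap://mydc.acme.com command used in the examples above.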