Diffstat (limited to 'usr/src/man/man1m/idmap.1m')
-rw-r--r-- usr/src/man/man1m/idmap.1m 44
1 files changed, 7 insertions, 37 deletions
diff --git a/usr/src/man/man1m/idmap.1m b/usr/src/man/man1m/idmap.1m
index 7854c02708..585760e0fd 100644
--- a/usr/src/man/man1m/idmap.1m
+++ b/usr/src/man/man1m/idmap.1m
@@ -3,11 +3,10 @@
.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.
.\" See the License for the specific language governing permissions and limitations under the License. When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the
.\" fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
-.TH IDMAP 1M "Aug 3, 2009"
+.TH IDMAP 1M "November 22, 2021"
.SH NAME
idmap \- configure and manage the Native Identity Mapping service
.SH SYNOPSIS
-.LP
.nf
\fBidmap\fR
.fi
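Review bot: The new `.TH` date spells the month out ("November 22, 2021") where the line it replaces used the abbreviated form ("Aug 3, 2009"). Please confirm which form the tree's man pages standardize on and match it, so that date-based tooling and greps over `.TH` lines keep working uniformly.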
@@ -85,8 +84,6 @@ idmap \- configure and manage the Native Identity Mapping service
.fi
.SH DESCRIPTION
-.sp
-.LP
The \fBidmap\fR utility is used to configure and manage the Native Identity
Mapping service.
.sp
@@ -125,8 +122,6 @@ If the \fBidmap\fR utility is invoked without a subcommand or option, it reads
the subcommands from standard input. When standard input is a TTY, the
\fBidmap\fR command prints the usage message and exits.
.SS "Mapping Mechanisms"
-.sp
-.LP
The \fBidmapd\fR(1M) daemon maps Windows user and group SIDs to UNIX UIDs and
GIDs as follows:
.RS +4
@@ -160,8 +155,6 @@ Windows groups and Solaris users and between Solaris groups and Windows users.
They are needed when Windows uses a group identity as a file owner or vice
versa.
.SS "Name-based Mappings"
-.sp
-.LP
Name-based mappings establish name equivalence between Windows users and groups
and their counterparts in the UNIX name service. These mappings persist across
reboots. For example, the following command maps Windows users to UNIX users
@@ -169,7 +162,7 @@ with the same name:
.sp
.in +2
.nf
-# \fBidmap add "winuser:*@mywindomain.com" "unixuser:*"\fR
+# \fBidmap add "winuser:*@example.com" "unixuser:*"\fR
.fi
.in -2
.sp
@@ -250,8 +243,6 @@ add winname:fred@example.com unixuser:fredf
.sp
.SS "Ephemeral Mappings"
-.sp
-.LP
The \fBidmapd\fR daemon attempts to preserve ephemeral ID mappings across
daemon restarts. However, when IDs cannot be preserved, the daemon maps each
previously mapped SID to a new ephemeral UID or GID value. The daemon will
@@ -264,8 +255,6 @@ The dynamic ID mappings are not retained across reboots. So, any SIDs that are
dynamically mapped to UNIX UIDs or GIDs are most likely mapped to different IDs
after rebooting the system.
.SS "Local SID Mappings"
-.sp
-.LP
If no name-based mapping is found, a non-ephemeral UID or GID is mapped to an
algorithmically generated local SID. The mapping is generated as follows:
.sp
@@ -282,8 +271,6 @@ local SID for GID = \fI<machine SID>\fR - \fI<2^31 + GID>\fR
\fI<machine SID>\fR is a unique SID generated by the \fBidmap\fR service for
the host on which it runs.
.SS "Rule Lookup Order"
-.sp
-.LP
When mapping a Windows name to a UNIX name, lookup for name-based mapping rules
is performed in the following order:
.RS +4
@@ -366,8 +353,6 @@ is performed in the following order:
\fB*\fR to \fIwindows-name\fR\fB@\fR\fIdomain\fR
.RE
.SS "Service Properties"
-.sp
-.LP
The service properties determine the behavior of the \fBidmapd\fR(1M) daemon.
These properties are stored in the SMF repository (see \fBsmf\fR(5)) under
property group \fBconfig\fR. They can be accessed and modified using
@@ -432,8 +417,6 @@ Changes to service properties do not affect a running \fBidmap\fR service. The
service must be refreshed (with \fBsvcadm\fR(1M)) for the changes to take
effect.
.SH OPERANDS
-.sp
-.LP
The \fBidmap\fR command uses the following operands:
.sp
.ne 2
@@ -697,12 +680,9 @@ attribute within the object specified by the \fIname\fR operand.
.RE
.SH OPTIONS
-.sp
-.LP
The \fBidmap\fR command supports one option and a set of subcommands. The
subcommands also have options.
.SS "Command-Line Option"
-.sp
.ne 2
.na
\fB\fB-f\fR \fIcommand-file\fR\fR
@@ -715,8 +695,6 @@ not used by any subcommands.
.RE
.SS "Subcommands"
-.sp
-.LP
The following subcommands are supported:
.sp
.ne 2
@@ -947,11 +925,10 @@ See the \fBset-namemap\fR subcommand for options.
.RE
.SH EXAMPLES
-.LP
\fBExample 1 \fRUsing a Wildcard on Both Sides of a Name-Based Mapping Rule
.sp
.LP
-The following command maps all Windows user names in the \fBxyz.com\fR domain
+The following command maps all Windows user names in the \fBexample.com\fR domain
to the UNIX users with the same names provided that one exists and is not
otherwise mapped. If such a rule is matched but the UNIX user name does not
exist, an ephemeral ID mapping is used.
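Review bot: The added line "The following command maps all Windows user names in the \fBexample.com\fR domain" is 81 characters, one past the 80-column wrap the surrounding source lines keep; the longer domain name pushed it over. Suggest moving "domain" to the start of the next line and rewrapping the paragraph.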
@@ -959,7 +936,7 @@ exist, an ephemeral ID mapping is used.
.sp
.in +2
.nf
-# \fBidmap add "winuser:*@xyz.com" "unixuser:*"\fR
+# \fBidmap add "winuser:*@example.com" "unixuser:*"\fR
.fi
.in -2
.sp
@@ -968,14 +945,14 @@ exist, an ephemeral ID mapping is used.
\fBExample 2 \fRUsing a Wildcard on One Side of a Name-Based Mapping Rule
.sp
.LP
-The following command maps all unmapped Windows users in the \fBxyz.com\fR
+The following command maps all unmapped Windows users in the \fBexample.com\fR
domain to the \fBguest\fR UNIX user. The \fB-d\fR option specifies a
-unidirectional mapping from \fB*@xyz.com\fR users to the \fBguest\fR user.
+unidirectional mapping from \fB*@example.com\fR users to the \fBguest\fR user.
.sp
.in +2
.nf
-# \fBidmap add -d "winuser:*@xyz.com" unixuser:guest\fR
+# \fBidmap add -d "winuser:*@example.com" unixuser:guest\fR
.fi
.in -2
.sp
@@ -1249,7 +1226,6 @@ object representing \fBjoe@example.com\fR.
.sp
.SH EXIT STATUS
-.sp
.ne 2
.na
\fB\fB0\fR\fR
@@ -1268,8 +1244,6 @@ An error occurred. A diagnostic message is written to standard error.
.RE
.SH ATTRIBUTES
-.sp
-.LP
See \fBattributes\fR(5) for descriptions of the following attributes:
.sp
@@ -1284,13 +1258,9 @@ Interface Stability Uncommitted
.TE
.SH SEE ALSO
-.sp
-.LP
\fBsvcs\fR(1), \fBidmapd\fR(1M), \fBldapaddent\fR(1M), \fBsvcadm\fR(1M),
\fBsvccfg\fR(1M), \fBattributes\fR(5), \fBsmf\fR(5)
.SH NOTES
-.sp
-.LP
The \fBidmapd\fR service is managed by the service management facility,
\fBsmf\fR(5). The service identifier for the \fBidmapd\fR service is
\fBsvc:/system/idmap\fR.