Administering ID mapping

Administering attribute maps

Attribute map files map the values of user attributes on a remote system to attribute values on the local system. Most likely, an authentication scheme that maps user attributes will map such attributes as user ID (UID) and group ID (GID).

Attribute maps are created in the /etc/idmap/attrmap directory. Generally, you'll name each file for the attribute it maps.

NOTE: The names of the attribute map files must match the name used in the authentication scheme. If your system supports an application that uses attribute mapping, check the documentation that accompanies the scheme software to determine the names you should give the map files.

An example of a GID map is shown below:

   10:sysA 20
   1:sysB 1

Each entry in the map file maps one value to another. Note that the first entry in the sample file maps the GID value of 10 to the value of 20 on the local system. With this entry in the file, any user with GID 10 on a remote system who accesses a service on the local system remotely is mapped to GID 20 on the local system.
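Because each entry decides which local ID a remote user receives, a map is worth reviewing for entries that land on low-numbered local IDs or that map the same remote value twice. The following script is an added example, not part of the UnixWare documentation or tooling; it assumes every entry has the `remoteval:system localval` shape of the sample above, and the function name `audit_attrmap` and the threshold of 100 are hypothetical choices.

```shell
#!/bin/sh
# Audit an attribute map whose entries look like the sample on this page:
#   remoteval:system localval
# Assumption: one entry per line in exactly that shape. Lines that do not fit
# are reported as SKIP and never interpreted; non-numeric local values
# (for example in transparent-mapping entries) are not evaluated.
# audit_attrmap FILE [MIN_LOCAL]
# MIN_LOCAL (default 100, a hypothetical cut-off) is the lowest local ID
# considered unprivileged. Returns 1 if any PRIV or DUP finding is printed.
audit_attrmap() {
    awk -v min="${2:-100}" '
    /^[ \t]*$/ { next }
    {
        n = split($1, key, ":")
        if (NF != 2 || n != 2 || key[1] == "" || key[2] == "") {
            printf "SKIP line %d: %s\n", NR, $0
            next
        }
        if ($1 in seen) {
            printf "DUP  line %d: %s already mapped on line %d\n", NR, $1, seen[$1]
            bad = 1
        } else seen[$1] = NR
        if ($2 ~ /^[0-9]+$/ && $2 + 0 < min + 0) {
            printf "PRIV line %d: %s on %s -> local %s (below %d)\n", NR, key[1], key[2], $2, min
            bad = 1
        }
    }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: the two entries from the page plus two added ones.
sample=$(mktemp)
printf '%s\n' '10:sysA 20' '1:sysB 1' '500:sysC 0' '10:sysA 600' > "$sample"
audit_attrmap "$sample" 100 || echo "review the findings above"
rm -f "$sample"
```

Run it against a copy of a map file from /etc/idmap/attrmap and pick the threshold that matches how local IDs are allocated on your system.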

Attribute maps support transparent mapping. By using regular expressions when specifying attribute values, an administrator can set up transparent mapping such that a number of attribute values on the remote system are mapped with a single file entry. Transparent mapping is described in detail in "Adding an entry to an attribute map".

attradmin(1Mbnu) is the command interface to the attribute maps. It allows a privileged user to do the following:

The attradmin command has the following syntax:

attradmin [-A attrname [-l localval]]
attradmin -A attrname -a -l localval -r remoteval
attradmin -A attrname -d -l localval [-r remoteval]
attradmin -A attrname -I descr
attradmin -A attrname [-Dcf]

See attradmin(1Mbnu) for more details.

The options and command syntax required to execute a particular operation are described in the following sections.

© 2004 The SCO Group, Inc. All rights reserved.
UnixWare 7 Release 7.1.4 - 22 April 2004