Attribute map files map the values of user attributes on a remote system to attribute values on the local system. Most likely, an authentication scheme that maps user attributes will map such attributes as user ID (UID) and group ID (GID).
Attribute maps are created in the /etc/idmap/attrmap directory. Generally, you'll name each file for the attribute it maps.
An example of a GID map is shown below:
M1:M2
10:sysA 20
1:sysB 1
Each entry in the map file maps one value to another. Note that the first entry in the sample file maps the GID value of 10 to the value of 20 on the local system. With this entry in the file, any user with GID 10 on a remote system who accesses a service on the local system remotely is mapped to GID 20 on the local system.
Attribute maps support transparent mapping. By using regular expressions when specifying attribute values, an administrator can set up transparent mapping such that a number of attribute values on the remote system are mapped with a single file entry. Transparent mapping is described in detail in "Adding an entry to an attribute map".
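The following audit script is an added example, not part of the original documentation. It reads a map in the layout of the sample GID map and reports remote values that land on low-numbered local IDs or that are mapped twice to different local values. The function names (audit_attrmap, sample_map), the threshold default of 100 and the file layout (a descriptor line followed by "remoteval localval" entries) are assumptions inferred from the sample; regular-expression entries used for transparent mapping are not interpreted and are compared as literal text.

```shell
#!/bin/sh
# Added example: audit an attribute map for entries worth a second look.
# Assumed layout (inferred from the sample GID map): line 1 is the
# descriptor (M1:M2); every other line is "<remoteval> <localval>".

# Usage: audit_attrmap [MIN_ID] < mapfile
# Prints one finding per line and nothing for a clean map.
audit_attrmap() {
    min_id=${1:-100}   # assumption: local IDs below this are system IDs
    seen=" "           # "remote=local" pairs read so far
    lineno=0
    while read -r remote local extra; do
        lineno=$((lineno + 1))
        if [ "$lineno" -eq 1 ] || [ -z "$remote" ]; then
            continue   # descriptor line or blank line
        fi
        if [ -z "$local" ] || [ -n "$extra" ]; then
            echo "line $lineno: malformed entry"
            continue
        fi
        # One remote value mapped to two different local values.
        case $seen in
            *" $remote=$local "*) ;;
            *" $remote="*)
                echo "line $lineno: $remote is already mapped to another local value" ;;
        esac
        seen="$seen$remote=$local "
        # A remote identity that lands on a low (system) local ID.
        case $local in
            *[!0-9]*)
                echo "line $lineno: local value $local is not numeric, review by hand" ;;
            *)
                if [ "$local" -lt "$min_id" ]; then
                    echo "line $lineno: $remote maps to local ID $local (below $min_id)"
                fi ;;
        esac
    done
    return 0
}

# Constructed sample: the two entries from the page plus two added for the demo.
sample_map() {
    printf '%s\n' 'M1:M2' '10:sysA 20' '1:sysB 1' '10:sysA 30' '0:sysC 0'
}

sample_map | audit_attrmap 10   # threshold 10 chosen for the demo
```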
attradmin(1Mbnu) is the command interface to the attribute maps. It allows a privileged user to do the following:
The attradmin command has the following syntax:
attradmin [-A attrname [-l localval]]
attradmin -A attrname -a -l localval -r remoteval
attradmin -A attrname -d -l localval [-r remoteval]
attradmin -A attrname -I descr
attradmin -A attrname [-Dcf]
See attradmin(1Mbnu) for more details.
The options and command syntax required to execute a particular operation are described in the following sections.