Chat now with support
Chat with Support

Safeguard Authentication Services 4.2 - Administration Guide

One Identity Privileged Access Suite for Unix Introducing One Identity Authentication Services Unix administration and configuration Identity management Migrating from NIS Managing access control Managing local file permissions Certificate Autoenrollment Integrating with other applications Managing Unix hosts with Group Policy
Authentication Services Group Policy
Group Policy Concepts Unix policies One Identity policies
Display specifiers Troubleshooting

Active Directory Group Information file

The Active Directory Group Information file contains information about Active Directory group accounts. It is produced by oat_adlookup and is passed to oat_match to create a map between Active Directory and local groups.

Syntax
<AD account info> ::= [<VAS property overrides>] <group account list>
<VAS property overrides> ::= { 'vas-override-property: ' <override> <CRLF> }
<override> ::= <override name> '-attr-name=' <AD_attr_name>
<override name> ::= 'uid-number' |
'gid-number' |
'gecos' |
'username' |
'groupname'
<group account list> ::= { <group account record> <CRLF> }
<group account record> ::= <header_prop> { <CRLF> <info_prop> }
<header_prop> ::= ('dn' | 'distinguishedName') ':' {<white space>} <prop_value>
<info_prop> ::= ( 'cn' |
'sAMAccountName' |
<gid-number-attr-name> |
<groupname-attr-name> ) ':' {<white space>} <prop_value>
<prop_value> ::= {<character>}
Sample
dn: CN=zenith,CN=Users,DC=a,DC=vmx
cn: zenith
sAMAccountName: zenith
gidNumber: 1002

User Map file

The User map file contains mappings between Active Directory and local users. It is produced by oat_match and is passed to oat_changeowners to align file ownership.

Syntax
<user_map> ::= '#!user' { <CRLF> <map_entry> }
<map_entry> ::= <unix_entry_value> { <white_space> } <ad_entry_value>
<ad_entry_value> ::= <entry_value>
<unix_entry_value> ::= <entry_value>
<entry_value> ::= <identifier> '(' [ <user_name> ] ')'
<identifier> ::= <digit> { <digit> }
<user_name> ::= <character> { <character> }
Sample
#!user
1001(testmigr) 1001(vanya)
500(alex) 1000(alex)
10003(masha) 1002(mpetrova)

Group Map file

The Group map file contains mappings between Active Directory and local groups. It is produced by oat_match and is passed to oat_changeowners to align file ownership.

Syntax
<group_map> ::= `#!group` { <CRLF> <map_entry> }
<map_entry> ::= <unix_entry_value> { <white_space> } <ad_entry_value>
<ad_entry_value> ::= <entry_value>
<unix_entry_value> ::= <entry_value>
<entry_value> ::= <identifier> '(' [ <group_name> ] ')'
<identifier> ::= <digit> { <digit> }
<group_name> ::= <character> { <character> }
Sample
#!group
1002(grp1) 1001(grp1)

Local User Override file

The User Local Override file contains information about mappings between Active Directory and local users. It is produced by oat_match and is used by Authentication Services to override properties of Active Directory users on the local host.

Syntax
<user_local_override_list> ::= { <user_local_override_record> <CRLF> }
<user_local_override_record> ::= <AD_user> ':' <local_user>
<AD_user> ::= <UPN>
<local_user> ::= <Login Name> ':' [<UID>] ':' [<GID>] ':' [<GECOS>] ':' [<Home Directory>] ':' [<Shell>]
<UPN> ::= <character> {<character>} '@' <character> {<character>}
<Login Name> ::= <character> {<character>}
<UID> ::= <digit> { <digit> }
<GID> ::= <digit> { <digit> }
<GECOS> ::= <character> {<character>}
<Home Directory> ::= <character> {<character>}
<Shell> ::= <character> {<character>}
Sample
vanya@a.vmx:testmigr:1001:1001::/home/testmigr:
alex@a.vmx:alex:500:500::/home/alex:
mpetrova@a.vmx:masha:10003:0:Maria Petrova::
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating