Add a User to a Classic Zone

Adding a UNIX user or group profile to an Active Directory user or group object requires you to know the security identifier (SID) for the Active Directory user or Active Directory group. This information is necessary to link the UNIX attributes in the UNIX profile to its corresponding Active Directory account. One way to get this information is to use the Windows Server directory service command-line tool dsquery to return the SID for a specific user:

dsquery user -samid user | dsget user -sid -samid

For example, to list the sAMAccountName and SID for the user whose sAMAccountName is jane:

dsquery user -samid jane | dsget user -sid -samid

For more information on using dsquery, search for the command on the Microsoft website.

Once you have identified the SID for a user or group, you can use the ldapadd command to add a profile for the user or group to the zone.

The following example illustrates how to add user "joe" to "zone1" where "zone1" is a classic RFC 2307-compliant zone:

ldapadd -H ldap://mydc.acme.com << END_DATA  
dn: CN=joe,CN=Users,cn=zone1,cn=myzones,dc=acme,dc=com  
objectClass: posixAccount  
objectClass: serviceConnectionPoint  
cn: joe  
displayName: \$CimsUserVersion3  
showInAdvancedViewOnly: TRUE  
name: joe  
keywords: unix_enabled:True  
keywords: parentLink:S-1-5-21-397955417-626881126-188441444-512  
uid: joe  
uidNumber: 123  
gidNumber: 234  
unixHomeDirectory: /home/joe  
loginShell: /bin/bash  
END_DATA
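
The RFC 2307 profile above can also be generated from validated inputs, so that a mistyped SID or a value containing a newline or DN separator is rejected before it reaches ldapadd. This is an added example, not part of the original documentation; the function names, argument order and the allow-lists (which, for instance, disallow spaces in the zone DN) are assumptions.

```sh
#!/bin/sh
# Added example: emit the classic RFC 2307 zone profile LDIF from validated
# inputs. Function names and argument order are assumptions.

# SID string form: "S-1-" followed by digit groups separated by single hyphens.
valid_sid() {
    case "$1" in S-1-*) ;; *) return 1 ;; esac
    vs_rest=${1#S-1-}
    case "$vs_rest" in ''|*[!0-9-]*|-*|*-|*--*) return 1 ;; esac
    return 0
}

# Usage: zone_user_ldif NAME SID UID GID HOME SHELL ZONE_DN
zone_user_ldif() {
    zu_name=$1 zu_sid=$2 zu_uid=$3 zu_gid=$4 zu_home=$5 zu_shell=$6 zu_zone=$7
    valid_sid "$zu_sid" || { echo "invalid SID" >&2; return 1; }
    # Conservative allow-lists: a newline or LDIF/DN metacharacter in any
    # value could add attributes or change which entry is created.
    case "$zu_name" in ''|*[!A-Za-z0-9._-]*) echo "invalid name" >&2; return 1 ;; esac
    case "$zu_zone" in ''|*[!A-Za-z0-9=,._-]*) echo "invalid zone DN" >&2; return 1 ;; esac
    for zu_n in "$zu_uid" "$zu_gid"; do
        case "$zu_n" in ''|*[!0-9]*) echo "invalid uid/gid" >&2; return 1 ;; esac
    done
    for zu_p in "$zu_home" "$zu_shell"; do
        case "$zu_p" in /*) ;; *) echo "path must be absolute" >&2; return 1 ;; esac
        case "$zu_p" in *[!A-Za-z0-9._/-]*) echo "invalid path" >&2; return 1 ;; esac
    done
    printf 'dn: CN=%s,CN=Users,%s\n' "$zu_name" "$zu_zone"
    printf 'objectClass: posixAccount\nobjectClass: serviceConnectionPoint\n'
    printf 'cn: %s\n' "$zu_name"
    # printf does not expand "$", so the here-document's backslash is not needed.
    printf 'displayName: $CimsUserVersion3\nshowInAdvancedViewOnly: TRUE\n'
    printf 'name: %s\nkeywords: unix_enabled:True\n' "$zu_name"
    printf 'keywords: parentLink:%s\n' "$zu_sid"
    printf 'uid: %s\nuidNumber: %s\ngidNumber: %s\n' "$zu_name" "$zu_uid" "$zu_gid"
    printf 'unixHomeDirectory: %s\nloginShell: %s\n' "$zu_home" "$zu_shell"
}

# Values from the example above; pipe the output to
# "ldapadd -H ldap://mydc.acme.com" to create the profile.
zone_user_ldif joe S-1-5-21-397955417-626881126-188441444-512 \
    123 234 /home/joe /bin/bash cn=zone1,cn=myzones,dc=acme,dc=com
```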

The following example illustrates how to add the user profile "joe" to "zone1" where "zone1" is a Standard zone:

ldapadd -H ldap://mydc.acme.com << END_DATA  
dn: CN=joe,CN=Users,cn=zone1,cn=myzones,dc=acme,dc=com  
objectClass: serviceConnectionPoint  
cn: joe  
displayName: \$CimsUserVersion2  
showInAdvancedViewOnly: TRUE  
name: joe  
keywords: unix_enabled:True  
keywords: parentLink:S-1-5-21-397955417-626881126-188441444-512  
keywords: uid:123  
keywords: gid:234  
keywords: home:/home/joe  
keywords: shell:/bin/bash  
END_DATA