Environment
Novell Open Enterprise Server 2015 (OES 2015) Linux
Novell Open Enterprise Server 2015 (OES 2015) Linux Support Pack 1
Situation
NSS AD: Using IDM with user-rights-map to sync NSS trustees between eDirectory and AD
Resolution
1) Configure IDM so that the DirXML-ADContext attribute is present on the eDirectory user and group objects.
2) Create the rights map using one of the following methods. Both use the DirXML-ADContext attribute to match eDir and AD users, sync the trustees, and then save the result as a rights map.
a) Use NURM to add a new rights map and select the NetIQ IDM user map option.
b) Use the user-rights-map command with these parameters:
user-rights-map -v VOL1 -i -U cn=admin,o=context -P password
Note: -a, -m, -r can be used as needed. Also, it might be necessary to configure eDirectory to allow a cleartext LDAP connection on port 389.
3) If needed, the saved rights map can be used to sync the trustees again using the user-rights-map command. Use the following command, where "1" is the ID of the rights map from step 2. The rights map IDs can be viewed in NURM or with "user-rights-map -l".
user-rights-map -S -M 1 -U cn=admin,o=context -P password
Note: By default trustees are merged between eDir and AD. -O can be used to force the trustees to only sync in one direction.
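Because both methods in step 2 match objects on DirXML-ADContext, it helps to confirm step 1 by listing the objects that still lack the attribute before building the rights map. The script below is an added example, not part of this TID or of the OES tooling; the ldapsearch invocation in its comments, the server name, the object class filter and the sample LDIF are assumptions to adapt.

```shell
#!/bin/sh
# Added example (not from the TID): report eDirectory objects that have no
# DirXML-ADContext value, reading ldapsearch-style LDIF on stdin.
#
# Assumed way to produce the input (host, base and filter are placeholders):
#   ldapsearch -x -LLL -H ldaps://EDIR-SERVER -D cn=admin,o=context -W \
#     -b o=context '(|(objectClass=inetOrgPerson)(objectClass=groupOfNames))' \
#     DirXML-ADContext

missing_adcontext() {
  awk '
    # Print the DN of the entry just finished if it had no attribute value.
    function emit() {
      if (dn != "" && !has) print dn
      dn = ""; has = 0
    }
    # LDIF folds long lines: a leading space continues the previous line.
    /^ / { if (indn) dn = dn substr($0, 2); next }
    { indn = 0 }
    /^$/ { emit(); next }          # blank line ends an entry
    /^#/ { next }                  # LDIF comment
    tolower($0) ~ /^dn::? */ {     # "dn::" (base64) is printed undecoded
      dn = $0; sub(/^[^:]*::? */, "", dn); indn = 1; next
    }
    # Attribute names are case-insensitive; require a non-empty value.
    tolower($0) ~ /^dirxml-adcontext::? *[^ ]/ { has = 1 }
    END { emit() }
  '
}

# Constructed sample LDIF: bob and the folded group DN lack the attribute.
SAMPLE_LDIF='dn: cn=alice,ou=users,o=context
objectClass: inetOrgPerson
DirXML-ADContext: CN=alice,OU=Users,DC=example,DC=com

dn: cn=bob,ou=users,o=context
objectClass: inetOrgPerson

dn: cn=a-very-long-group-name,ou=groups,
 o=context
objectClass: groupOfNames

dn: cn=carol,ou=users,o=context
dirxml-adcontext: CN=carol,OU=Users,DC=example,DC=com'

printf '%s\n' "$SAMPLE_LDIF" | missing_adcontext
```

Objects listed by the script have no DirXML-ADContext value for the rights map to match on, so resolve them in IDM before running step 2.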
Additional Information
Run "man user-rights-map" at a command line to get more details about the various command line options for user-rights-map.