Mapping the Group ID in Group Accounts to an Active Directory Attribute
On a computer that’s configured to use Directory Utility’s Active Directory connector,
you can specify an Active Directory attribute that you want mapped to Mac OS X’s
group ID (GID) attribute in group accounts.
Usually, the Active Directory schema must be extended to include an attribute that’s
suitable for mapping to the GID:
• If the Active Directory administrator extends the Active Directory schema by
  installing Microsoft’s Services for UNIX, you can map the GID to the
  msSFU-30-Gid-Number attribute.
• If the Active Directory administrator manually extends the Active Directory schema
  to include RFC 2307 attributes, you can map the GID to gidNumber.
• If the Active Directory administrator manually extends the Active Directory schema
  to include the Mac OS X gidNumber attribute, you can map the GID to it.
If mapping of the GID is disabled, the Active Directory connector generates a GID
based on Active Directory’s standard GUID attribute.
WARNING: If you change the mapping of the GID later, users might lose access to
previously created files.
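The effect described in the warning can be measured before the mapping is changed. The following is an added example, not part of the original guide: it takes each group's GID before and after the change and lists the files and folders whose group owner is a GID that will no longer resolve to that group. The group names, the GID values, and the temporary folder standing in for a shared volume are constructed for illustration.

```python
import os
import tempfile

def gid_changes(before, after):
    """Map old GID -> (group name, new GID) for groups whose GID differs."""
    return {gid: (name, after[name])
            for name, gid in before.items()
            if name in after and after[name] != gid}

def affected_paths(root, changes):
    """List (path, group, old_gid, new_gid) for every file and folder under
    root whose group owner is a GID that the mapping change retires."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in filenames]:
            gid = os.lstat(path).st_gid  # lstat: report symlinks, do not follow them
            if gid in changes:
                name, new_gid = changes[gid]
                hits.append((path, name, gid, new_gid))
    return sorted(hits)

def demo():
    """Constructed sample: a temporary tree stands in for a shared volume."""
    with tempfile.TemporaryDirectory() as root:
        path = os.path.join(root, "report.txt")
        open(path, "w").close()
        current = os.lstat(path).st_gid  # stands in for the GID in use today
        # "engineering" gets a new GID from the mapped attribute; "design" is unchanged.
        before = {"engineering": current, "design": current + 1}
        after = {"engineering": current + 1000, "design": current + 1}
        return affected_paths(root, gid_changes(before, after)), root

if __name__ == "__main__":
    hits, _root = demo()
    for path, group, old_gid, new_gid in hits:
        print(f"{path}: group {group} GID {old_gid} -> {new_gid}")
```

Each path reported is a candidate for a group ownership update once the new mapping is in effect.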
To map the GID to an attribute in an extended Active Directory schema:
1 Open System Preferences and click Accounts.
2 If the lock icon is locked, unlock it by clicking it and entering the name and password
of an administrator.
3 Click Login Options, then click Edit.
4 Click Open Directory Utility.
5 If the lock icon is locked, unlock it by clicking it and entering the name and password
of an administrator.
6 Click Services.
7 In the list of services, select Active Directory and click the Edit (/) button.
8 If the advanced options are hidden, click Show Advanced Options.
9 Click Mappings.
10 Select “Map group GID to attribute” and enter the name of the Active Directory
attribute you want mapped to the GID in group accounts.
11 Click OK.
168 Chapter 8 Advanced Directory Client Settings