[Diagram: domain ST.COM with a 2-way trust to CAD.ST.COM and a 2-way trust to MWS.ST.COM]
As you can see, there is a normal Windows AD account cn=gurpreet singh with
objectclass = person/user. It has an SID = abcxyz. This account resides in the MWS domain.
There is another domain, CAD.ST.COM, where we will have the Centrify Agent tool installed
to give users access to CAD/Unix resources.
For an AD object in the MWS domain to have access to CAD/Unix resources, Centrify will
create a separate CAD/Unix identity in the CAD domain. These identities are called service
connection points (SCPs).
That SCP is linked to the AD object on the basis of the AD object's SID. So in the
previous slide, Centrify created an SCP cn=gurpreet@st.com. This SCP has a multivalued attribute called keywords, which contains some key-value pairs. One of those
key-value pairs is parentlink: abcxyz, which contains the SID of the AD object
(cn=gurpreet singh) in the MWS domain.
The keywords attribute also contains another key-value pair, login: singhg, which is
the login name to be used to access CAD/Unix resources. We can also call this
the Unix login name.
GroupID Requirements
[Diagram: ST.COM, GroupID, CAD.ST.COM and MWS.ST.COM; labels: "Search this and show", "But add this"]
Please note that the above requirement is a separate requirement and has no impact on the current working of GroupID.
This may be achieved through a separate portal of a separate instance of GroupID.
GroupID Requirements
Similarly, while deleting a member from a security group, the owner shall be able to search on the basis of the Unix login
name (singhg), but when he/she clicks the delete button, the actual Windows user in the MWS domain should be
deleted.
[Diagram: ST.COM, GroupID, CAD.ST.COM and MWS.ST.COM; labels: "Search this and show", "But delete this"]
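The lookup these slides describe, as an added Python example (not code from Centrify or GroupID): a Unix login name is resolved through the SCP's keywords attribute to the SID, and only then to the Windows account that the membership change applies to. The sample entries are constructed from the slide's values; the function names, the extra SCP entries and the reading of "delete" as removal from the group's member set are assumptions, and the lookup refuses to act when the login is unknown, ambiguous or points at a SID that does not exist.

```python
# Constructed sample data mirroring the slide's values; not read from a live directory.
SCPS = [  # SCP entries in CAD.ST.COM (the last two are hypothetical failure cases)
    {"dn": "cn=gurpreet@st.com", "keywords": ["parentlink: abcxyz", "login: singhg"]},
    {"dn": "cn=orphan@st.com", "keywords": ["parentlink: nosuchsid", "login: orphan"]},
    {"dn": "cn=broken@st.com", "keywords": ["login: nolink"]},
]
MWS_USERS = {"abcxyz": "cn=gurpreet singh"}  # SID -> AD object in MWS.ST.COM


def parse_keywords(values):
    """Turn the multivalued keywords attribute into a dict of key -> value."""
    pairs = {}
    for item in values:
        key, sep, value = item.partition(":")
        if sep:  # ignore values that are not key:value pairs
            pairs[key.strip().lower()] = value.strip()
    return pairs


def resolve_unix_login(login, scps=SCPS, users=MWS_USERS):
    """Map a Unix login name to the Windows account it belongs to.

    Returns the AD object's DN, or raises LookupError when the login is
    unknown, ambiguous, or its SCP does not link to an existing account.
    """
    matches = [s for s in scps if parse_keywords(s["keywords"]).get("login") == login]
    if not matches:
        raise LookupError(f"no SCP with login {login!r}")
    if len(matches) > 1:
        raise LookupError(f"login {login!r} matches {len(matches)} SCPs")
    sid = parse_keywords(matches[0]["keywords"]).get("parentlink")
    if sid is None:
        raise LookupError(f"SCP {matches[0]['dn']} has no parentlink")
    if sid not in users:
        raise LookupError(f"SID {sid!r} not found in MWS domain")
    return users[sid]


def remove_member(group_members, login):
    """Remove the Windows account behind a Unix login from a group's member set."""
    target = resolve_unix_login(login)
    if target not in group_members:
        raise LookupError(f"{target} is not a member")
    return group_members - {target}
```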