Creating default registry policy associations
You can use policy associations to create mappings directly between a group of users and a single target user identity.
You want to have all your Microsoft Active Directory users on the Windows server map to the user profile SYSUSERA on System A and to the user profile SYSUSERB on System B. In this case, you can create a default registry policy association that maps all the user identities (for which no identifier associations exist) in the MYCO.COM Kerberos registry to a single IBM® i user profile on System A.
- One policy association maps the Kerberos principals in the MYCO.COM user registry to a target user of SYSUSERA in the target registry of SYSTEMA.MYCO.COM.
- The other policy association maps the Kerberos principals in the MYCO.COM user registry to a target user of SYSUSERB in the target registry of SYSTEMB.MYCO.COM.
Use the information from your planning works sheets to create two default registry policy associations.
Before you can use policy associations, you must first enable the domain to use policy associations for mapping lookup operations.
To enable the domain to use policy associations for mapping lookup operations, complete the following steps:
- In IBM Navigator for i on System A, expand .
- Click Domain Management.
- Right-click MyCoEimDomain, and select Mapping policy.
- On the General page, select the Enable mapping lookups using policy associations for domain MyCoEimDomain.
To create the default registry policy association for the users to map to the SYSUSERA user profile on System A, complete the following steps:
- On the Registry page, click Add.
- In the Add Default Registry Policy Association dialog
box, specify or Browse to select the following
information, and click OK:
- Source registry: MYCO.COM
- Target registry: SYSTEMA.MYCO.COM
- Target user: SYSUSERB
- Click OK to close the Mapping Policy dialog box.
To create the default registry policy association for the users to map to the SYSUSERB user profile on System B, complete the following steps:
- On the Registry page, click Add.
- In the Add Default Registry Policy Association dialog
box, specify or Browse to select the following
information, and click OK:
- Source registry: MYCO.COM
- Target registry: SYSTEMB.MYCO.COM
- Target user: SYSUSERB
- Click OK to close the Mapping Policy dialog box.