--- idmap.2007-07-18.1m.txt	Wed Jul 18 19:33:05 2007
+++ idmap.2007-08-2.1m.txt	Thu Aug  2 15:00:18 2007
@@ -13,10 +13,10 @@
      idmap -f command-file
 
 
-     idmap add -u|-g [-d] name1 name2
+     idmap add [-d] name1 name2
 
 
-     idmap dump [-u|-g] [-n]
+     idmap dump [-n]
 
 
      idmap export [-f file] format
@@ -28,16 +28,16 @@
      idmap import [-F] [-f file] format
 
 
-     idmap list [-u|-g]
+     idmap list
 
 
-     idmap remove -u|-g [-t|-f] name
+     idmap remove [-t|-f] name
 
 
-     idmap remove -u|-g -a
+     idmap remove -a
 
 
-     idmap remove -u|-g [-d] name1 name2
+     idmap remove [-d] name1 name2
 
 
      idmap show [-c] identity [target-type]
@@ -196,7 +196,7 @@
                   equivalent unix-name,  if  any.  The  following
                   idmap command shows this mapping:
 
-                    idmap add -ud "*@*" "*"
+                    idmap add -d "winuser:*@*" "unixuser:*"
 
 
 
@@ -206,22 +206,39 @@
          identity  is specified as type:value. type is one of the
          following:
 
-         gid         Numeric POSIX GID
+         usid        Windows user SID in text format
 
 
-         sid         Windows SID in text format
+         gsid        Windows group SID in text format
 
 
+         sid         Windows SID in text format which can belong
+                     either to a user or to a group.
+
+
          uid         Numeric POSIX UID
 
 
-         unixname    UNIX user or group name
+         gid         Numeric POSIX GID
 
 
+         unixuser    UNIX user name
+
+
+         unixgroup   UNIX group name
+
+
+         winuser     Windows user name
+
+
+         wingroup    Windows group name
+
+
          winname     Windows user or group name
 
+
          value is a number or string that is appropriate  to  the
-         specified  type.  For instance, unixname:staff specifies
+         specified  type.  For instance, unixgroup:staff specifies
          the  UNIX  group  name,  staff.  The   identity   gid:10
          represents  GID  10, which corresponds to the UNIX group
          staff.
@@ -228,8 +245,9 @@
 
 
      name
-         Specifies a UNIX name (unixname) or a Windows name (win-
-         name) that can be used for name-based mapping rules.
+         Specifies a UNIX name (unixuser, unixgroup) or a Windows
+	 name (winuser, wingroup) that can be used for name-based
+         mapping rules.
 
          A Windows security entity name can be specified  in  one
          of these ways:
@@ -280,19 +298,16 @@
   Subcommands
      The following subcommands are supported:
 
-     add -u|-g [-d] name1 name2
+     add [-d] name1 name2
          Adds a name-based mapping rule.  By  default,  the  name
          mapping  is  bidirectional.  If the -d option is used, a
          unidirectional mapping is created from name1 to name2.
 
-         Use the -u option to map user  names,  and  use  the  -g
-         option to map group names.
-
          Either name1 or name2 must be a Windows  name,  and  the
-         other must be a UNIX name. If the Windows name is quali-
-         fied with a domain, the name type (winname or  unixname)
-         is optional. See Operands for information about the name
-         operand.
+         other must be a UNIX name. For the Windows name, the
+         winname identity type cannot be used - one of winuser or
+         wingroup types must be specified. See Operands for
+         information about the name operand.
 
          Note that two unidirectional mappings between  the  same
          two  names  in two opposite directions are equivalent to
@@ -302,12 +317,10 @@
          authorization.
 
 
-     dump [-u|-g] [-n]
+     dump [-n]
          Dumps all the mappings  cached  since  the  last  system
-         boot.  The  -u  option  dumps  user mappings, and the -g
-         option dumps group mappings. The  -n  option  shows  the
-         names, as well. By default only sids, uids, and gids are
-         shown.
+         boot. The -n option shows the names, as well. By default
+	 only sids, uids, and gids are shown.
 
 
      export [-f file] format
@@ -335,17 +348,15 @@
          authorization.
 
 
-     list [-u|-g]
+     list
          Lists all name-based mapping rules. Each rule appears in
-         its  idmap  add form. The -u option lists user name map-
-         pings, and the -g option lists group name mappings.
+         its  idmap  add form.
 
 
-     remove -u|-g [-t|-f] name
+     remove [-t|-f] name
          Removes any name-based mapping rule  that  involves  the
          specified  name.  name  can  be either a UNIX or Windows
-         user name or group name. The -u option removes user name
-         mappings, and the -g option removes group name mappings.
+         user name or group name.
 
          The -f option removes rules that use name as the source.
          The  -t option removes rules that use name as the desti-
@@ -355,21 +366,17 @@
          authorization.
 
 
-     remove -u|-g -a
-         Removes all name-based  mapping  rules.  The  -u  option
-         removes  user  name  mappings, and the -g option removes
-         group name mappings.
+     remove -a
+         Removes name-based  mapping  rules.
 
-
          This subcommand requires  the  solaris.admin.idmap.rules
          authorization.
 
 
-     remove -u|-g [-d] name1 name2
+     remove [-d] name1 name2
          Removes  name-based  mapping  rules  between  name1  and
          name2.  If  the -d option is specified, rules from name1
-         to name2 are removed. The -u option  removes  user  name
-         mappings, and the -g option removes group name mappings.
+         to name2 are removed.
 
          Either name1 or name2 must be a Windows  name,  and  the
          other must be a UNIX name.
@@ -378,9 +385,9 @@
          authorization.
 
 
-     show [-c] identity [target-type]
+     show [-c] name [target-type]
          Shows the identity of type, target-type, that is  mapped
-         to the specified identity.
+         to the specified name.
 
          By default, this subcommand  shows  only  mappings  that
          have  been established already. The -c option forces the
@@ -395,7 +402,7 @@
               to the specified UID, uid:50000:
 
                 # idmap show uid:50000 sid
-                S-1-5-21-726303253-4128413635-1168184439
+                uid:50000 -> usid:S-1-5-21-3223191800-2000
 
 
 
@@ -403,8 +410,8 @@
               is  mapped  to  the  specified  Windows  user name,
               joe@example.com:
 
-                # idmap show joe@example.com unixname
-                joes
+                # idmap show joe@example.com unixuser
+                winuser:joe@example.com -> unixuser:joes
 
 
 
@@ -426,12 +433,12 @@
 
 
 
-       # idmap dump -u
-       sid:S-1-5-21-2949573101-2750415176-3223191800-2000    ==     uid:50000
-       sid:S-1-5-21-2949573101-2750415176-3223191800-2001    ==     uid:50001
-       sid:S-1-5-21-2949573101-2750415176-3223191800-2006    ==     uid:50010
-       sid:S-1-5-21-2949573101-2750415176-3223191900-3000    ==     uid:2147491840
-       sid:S-1-5-21-2949573101-2750415176-3223191700-4000    =>     uid:60001
+       # idmap dump | grep "uid:"
+       usid:S-1-5-21-3223191800-2000    ==     uid:50000
+       usid:S-1-5-21-3223191800-2001    ==     uid:50001
+       usid:S-1-5-21-3223191800-2006    ==     uid:50010
+       usid:S-1-5-21-3223191900-3000    ==     uid:2147491840
+       usid:S-1-5-21-3223191700-4000    =>     uid:60001
 
 
 
@@ -441,25 +448,15 @@
      to UNIX user, foo, and conversely:
 
 
-       # idmap add -u foobar@example.com foo
+       # idmap add winuser:foobar@example.com unixuser:foo
 
 
 
-     Because only a Windows name  can  be  domain-qualified,  the
-     winname  and  unixname  types  are not needed to distinguish
-     between the Windows name and the UNIX name.  The  equivalent
-     command line using the name types is as follows:
-
-
-       # idmap add -u winname:foobar@example.com unixname:foo
-
-
-
      This command shows how to remove the mapping  added  by  the
      previous command:
 
 
-       # idmap remove -u foobar@example.com foo
+       # idmap remove winuser:foobar@example.com unixuser:foo
 
 
 
@@ -478,9 +475,9 @@
               conversely
 
        # idmap <<EOF
-             remove -u foobar@example.com
-             add -u foobar@example.com bar
-             add -g winname:members unixname:staff
+             remove winuser:foobar@example.com
+             add winuser:foobar@example.com unixuser:bar
+             add wingroup:members unixgroup:staff
        EOF
 
 
@@ -492,8 +489,8 @@
 
 
        # idmap list
-       add -u winname:foobar@example.com unixname:bar
-       add -g winname:members unixname:staff
+       add winuser:foobar@example.com unixuser:bar
+       add wingroup:members unixgroup:staff
 
 
 
@@ -532,8 +529,8 @@
 
 
        # idmap <<EOF
-             add -u foo@example.com foo
-             add -u -d foobar@example.com foo
+             add winuser:foo@example.com unixuser:foo
+             add -d winuser:foobar@example.com unixuser:foo
        EOF
 
 
@@ -547,7 +544,7 @@
      guest user.
 
 
-       # idmap add -u -d "*@xyz.com" guest
+       # idmap add -d "winuser:*@xyz.com" unixuser:guest
 
 
 
@@ -561,7 +558,7 @@
      ephemeral ID mapping is used.
 
 
-       # idmap add -u "*@xyz.com" "*"
+       # idmap add "winuser:*@xyz.com" "unixuser:*"
 
 
 
@@ -611,7 +608,7 @@
 
 
 SEE ALSO
-     svcs(1),  dladm(1M),  idmapd(1M),  svcadm(1M),   svccfg(1M),
+     svcs(1),  idmapd(1M),  svcadm(1M),   svccfg(1M),
      attributes(5), smf(5)
 
 NOTES