Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >

KB-11446: How to configure extended NSS support for mail.alias

Authentication Service ,  

10 December,18 at 09:16 PM


How to configure servers with Centrify so that Centrify NSS library would provide mail.aliases to SMTP in the Linux/Unix environment, directly from Active Directory User attributes.


Starting from release 18.11, CDC version 5.5.2, we extended the agent ability to provide mail.aliases to SMTP for Zone enabled Active Directory accounts.  

To enable Centrify NSS handling the get aliases map call, add the following parameter in /etc/centrifydc/centrifydc.conf file:

adclient.autoedit.nss.xmaps: aliases

Add a config parameter, with one of the three possible values to indicate the source of the mail aliases. The three values are 'nismaps', 'mail', and 'proxyaddresses', with nismaps as the default. 

nss.alias.source: nismaps

If using 'proxyaddresses' is desired, since this attribute is not in the Active Directory zone user's default schema, it needs to be added to the list of custom attribute.  Modify the default setting

adclient.custom.attributes.user: unixUserPassword msSFU30Password


adclient.custom.attributes.user: unixUserPassword msSFU30Password proxyaddresses

command 'adreload' is required to take effect of the above parameter setting.

This new feature doesn't take effect for One-Way trust cross forest users