diff options
Diffstat (limited to 'docs-xml/manpages-3/idmap_ad.8.xml')
| -rw-r--r-- | docs-xml/manpages-3/idmap_ad.8.xml | 92 |
1 files changed, 92 insertions, 0 deletions
diff --git a/docs-xml/manpages-3/idmap_ad.8.xml b/docs-xml/manpages-3/idmap_ad.8.xml new file mode 100644 index 00000000000..766eb850902 --- /dev/null +++ b/docs-xml/manpages-3/idmap_ad.8.xml @@ -0,0 +1,92 @@ +<?xml version="1.0" encoding="iso-8859-1"?> +<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc"> +<refentry id="idmap_ad.8"> + +<refmeta> + <refentrytitle>idmap_ad</refentrytitle> + <manvolnum>8</manvolnum> + <refmiscinfo class="source">Samba</refmiscinfo> + <refmiscinfo class="manual">System Administration tools</refmiscinfo> + <refmiscinfo class="version">3.2</refmiscinfo> +</refmeta> + + +<refnamediv> + <refname>idmap_ad</refname> + <refpurpose>Samba's idmap_ad Backend for Winbind</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <title>DESCRIPTION</title> + <para>The idmap_ad plugin provides a way for Winbind to read + id mappings from an AD server that uses RFC2307/SFU schema + extensions. This module implements only the "idmap" + API, and is READONLY. Mappings must be provided in advance + by the administrator by adding the posixAccount/posixGroup + classess and relative attribute/value pairs to the users and + groups objects in AD</para> +</refsynopsisdiv> + +<refsect1> + <title>IDMAP OPTIONS</title> + + <variablelist> + <varlistentry> + <term>range = low - high</term> + <listitem><para> + Defines the available matching uid and gid range for which the + backend is authoritative. Note that the range acts as a filter. + If specified any UID or GID stored in AD that fall outside the + range is ignored and the corresponding map is discarded. + It is intended as a way to avoid accidental UID/GID overlaps + between local and remotely defined IDs. + </para></listitem> + </varlistentry> + <varlistentry> + <term>schema_mode = <rfc2307 | sfu ></term> + <listitem><para> + Defines the schema that idmap_ad should use when querying + Active Directory regarding user and group information. + This can either the RFC2307 schema support included + in Windows 2003 R2 or the Service for Unix (SFU) schema. + </para></listitem> + </varlistentry> + </variablelist> +</refsect1> + +<refsect1> + <title>EXAMPLES</title> + <para> + The following example shows how to retrieve idmappings from our principal and + and trusted AD domains. All is needed is to set default to yes. If trusted + domains are present id conflicts must be resolved beforehand, there is no + guarantee on the order conflicting mappings would be resolved at this point. + + This example also shows how to leave a small non conflicting range for local + id allocation that may be used in internal backends like BUILTIN. + </para> + + <programlisting> + [global] + idmap domains = ALLDOMAINS + idmap config ALLDOMAINS:backend = ad + idmap config ALLDOMAINS:default = yes + idmap config ALLDOMAINS:range = 10000 - 300000000 + + idmap alloc backend = tdb + idmap alloc config:range = 5000 - 9999 + </programlisting> +</refsect1> + +<refsect1> + <title>AUTHOR</title> + + <para> + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + </para> +</refsect1> + +</refentry> |