diff options
author | Simo Sorce <idra@samba.org> | 2007-03-21 21:23:17 +0000 |
---|---|---|
committer | Gerald W. Carter <jerry@samba.org> | 2008-04-23 08:47:30 -0500 |
commit | 02ad2b539c1eceaf26c71dcc469649b6d26dcef9 (patch) | |
tree | 8293cbec718bd15638f007137abe20485667990f | |
parent | 347d1e20614d1d5732f113ec31322583431b672a (diff) | |
download | samba-02ad2b539c1eceaf26c71dcc469649b6d26dcef9.tar.gz samba-02ad2b539c1eceaf26c71dcc469649b6d26dcef9.tar.bz2 samba-02ad2b539c1eceaf26c71dcc469649b6d26dcef9.zip |
man page for IDMAP_AD
(This used to be commit e386776e5d1f13fb4c002299089a344968b134c8)
-rw-r--r-- | docs/manpages-3/idmap_ad.8.xml | 42 |
1 files changed, 39 insertions, 3 deletions
diff --git a/docs/manpages-3/idmap_ad.8.xml b/docs/manpages-3/idmap_ad.8.xml index fe1888211e..bb67df74e9 100644 --- a/docs/manpages-3/idmap_ad.8.xml +++ b/docs/manpages-3/idmap_ad.8.xml @@ -15,17 +15,53 @@ <refsynopsisdiv> <title>DESCRIPTION</title> - <para>TODO</para> + <para>The idmap_ad plugin provides a way for Winbind to read + id mappings from an AD server that uses RFC2307/SFU schema + extensions. This module implements only the "idmap" + API, and is READONLY. Mappings must be provided in advance + by the administrator by adding the posixAccount/posixGroup + classess and relative attribute/value pairs to the users and + groups objects in AD</para> </refsynopsisdiv> <refsect1> <title>IDMAP OPTIONS</title> - <para>TODO</para> + + <variablelist> + <varlistentry> + <term>range = low - high</term> + <listitem><para> + Defines the available matching uid and gid range for which the + backend is authoritative. Note that the range acts as a filter. + If specified any UID or GID stored in AD that fall outside the + range is ignored and the corresponding map is discarded. + It is intended as a way to avoid accidental UID/GID overlaps + between local and remotely defined IDs. + </para></listitem> </refsect1> <refsect1> <title>EXAMPLES</title> - <para>TODO</para> + <para> + The following example shows how to retrieve idmappings from our principal and + and trusted AD domains. All is needed is to set default to yes. If trusted + domains are present id conflicts must be resolved beforehand, there is no + guarantee on the order confliting mappings would be resolved at this point. + + This example also shows how to leave a small non conflicting range for local + id allocation that may be used in internal backends like BULTIN. + </para> + + <programlisting> + [global] + idmap domain = ALLDOMAINS + idmap config ALLDOMAINS:backend = ad + idmap config ALLDOMAINS:default = yes + idmap config ALLDOMAINS:range = 10000 - 300000000 + + idmap alloc backend = tdb + idmap alloc config:range = 5000 - 9999 + </programlisting> </refsect1> <refsect1> |