summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSimo Sorce <idra@samba.org>2007-03-21 21:23:17 +0000
committerGerald W. Carter <jerry@samba.org>2008-04-23 08:47:30 -0500
commit02ad2b539c1eceaf26c71dcc469649b6d26dcef9 (patch)
tree8293cbec718bd15638f007137abe20485667990f
parent347d1e20614d1d5732f113ec31322583431b672a (diff)
downloadsamba-02ad2b539c1eceaf26c71dcc469649b6d26dcef9.tar.gz
samba-02ad2b539c1eceaf26c71dcc469649b6d26dcef9.tar.bz2
samba-02ad2b539c1eceaf26c71dcc469649b6d26dcef9.zip
man page for IDMAP_AD
(This used to be commit e386776e5d1f13fb4c002299089a344968b134c8)
-rw-r--r--docs/manpages-3/idmap_ad.8.xml42
1 files changed, 39 insertions, 3 deletions
diff --git a/docs/manpages-3/idmap_ad.8.xml b/docs/manpages-3/idmap_ad.8.xml
index fe1888211e..bb67df74e9 100644
--- a/docs/manpages-3/idmap_ad.8.xml
+++ b/docs/manpages-3/idmap_ad.8.xml
@@ -15,17 +15,53 @@
<refsynopsisdiv>
<title>DESCRIPTION</title>
- <para>TODO</para>
+ <para>The idmap_ad plugin provides a way for Winbind to read
+ id mappings from an AD server that uses RFC2307/SFU schema
+ extensions. This module implements only the &quot;idmap&quot;
+ API, and is READONLY. Mappings must be provided in advance
+ by the administrator by adding the posixAccount/posixGroup
+ classess and relative attribute/value pairs to the users and
+ groups objects in AD</para>
</refsynopsisdiv>
<refsect1>
<title>IDMAP OPTIONS</title>
- <para>TODO</para>
+
+ <variablelist>
+ <varlistentry>
+ <term>range = low - high</term>
+ <listitem><para>
+ Defines the available matching uid and gid range for which the
+ backend is authoritative. Note that the range acts as a filter.
+ If specified any UID or GID stored in AD that fall outside the
+ range is ignored and the corresponding map is discarded.
+ It is intended as a way to avoid accidental UID/GID overlaps
+ between local and remotely defined IDs.
+ </para></listitem>
</refsect1>
<refsect1>
<title>EXAMPLES</title>
- <para>TODO</para>
+ <para>
+ The following example shows how to retrieve idmappings from our principal and
+ and trusted AD domains. All is needed is to set default to yes. If trusted
+ domains are present id conflicts must be resolved beforehand, there is no
+ guarantee on the order confliting mappings would be resolved at this point.
+
+ This example also shows how to leave a small non conflicting range for local
+ id allocation that may be used in internal backends like BULTIN.
+ </para>
+
+ <programlisting>
+ [global]
+ idmap domain = ALLDOMAINS
+ idmap config ALLDOMAINS:backend = ad
+ idmap config ALLDOMAINS:default = yes
+ idmap config ALLDOMAINS:range = 10000 - 300000000
+
+ idmap alloc backend = tdb
+ idmap alloc config:range = 5000 - 9999
+ </programlisting>
</refsect1>
<refsect1>