diff options
| author | Gerald W. Carter <jerry@samba.org> | 2008-04-22 10:09:40 -0500 |
|---|---|---|
| committer | Gerald W. Carter <jerry@samba.org> | 2008-04-23 08:47:48 -0500 |
| commit | 8f8a9f01909ba29e2b781310baeeaaddc3f15f0d (patch) | |
| tree | 90c6b720ad3a7bc815245c0ef28820424f89d658 /docs-xml/smbdotconf/winbind/idmapconfig.xml | |
| parent | 197238246389c40edc60c6630d18d6913086e630 (diff) | |
| download | samba-8f8a9f01909ba29e2b781310baeeaaddc3f15f0d.tar.gz samba-8f8a9f01909ba29e2b781310baeeaaddc3f15f0d.tar.bz2 samba-8f8a9f01909ba29e2b781310baeeaaddc3f15f0d.zip | |
Moving docs tree to docs-xml to make room for generated docs in the release tarball.
(This used to be commit 9f672c26d63955f613088489c6efbdc08b5b2d14)
Diffstat (limited to 'docs-xml/smbdotconf/winbind/idmapconfig.xml')
| -rw-r--r-- | docs-xml/smbdotconf/winbind/idmapconfig.xml | 65 |
1 files changed, 65 insertions, 0 deletions
diff --git a/docs-xml/smbdotconf/winbind/idmapconfig.xml b/docs-xml/smbdotconf/winbind/idmapconfig.xml new file mode 100644 index 0000000000..63b0a907a8 --- /dev/null +++ b/docs-xml/smbdotconf/winbind/idmapconfig.xml @@ -0,0 +1,65 @@ +<samba:parameter name="idmap config" + context="G" + type="string" + advanced="1" developer="1" hide="1" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para> + The idmap config prefix provides a means of managing each domain + defined by the <smbconfoption name="idmap domains"/> option using Samba's + parameteric option support. The idmap config prefix should be + followed by the name of the domain, a colon, and a setting specific to + the chosen backend. There are three options available for all domains: + </para> + <variablelist> + <varlistentry> + <term>backend = backend_name</term> + <listitem><para> + Specifies the name of the idmap plugin to use as the + SID/uid/gid backend for this domain. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>default = [yes|no]</term> + <listitem><para> + The default domain/backend will be used for searching for + users and groups not belonging to one of the explicitly + listed domains (matched by comparing the account SID and the + domain SID). + </para></listitem> + </varlistentry> + + <varlistentry> + <term>readonly = [yes|no]</term> + <listitem><para> + Mark the domain as readonly which means that no attempts to + allocate a uid or gid (by the <smbconfoption name="idmap alloc + backend"/>) for any user or group in that domain + will be attempted. + </para></listitem> + </varlistentry> + </variablelist> + + <para> + The following example illustrates how to configure the <citerefentry> + <refentrytitle>idmap_ad</refentrytitle><manvolnum>8</manvolnum></citerefentry> + for the CORP domain and the <citerefentry><refentrytitle>idmap_tdb</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> backend for all other domains. The + TRUSTEDDOMAINS string is simply a key used to reference the "idmap + config" settings and does not represent the actual name of a domain. + </para> + + <programlisting> + idmap domains = CORP TRUSTEDDOMAINS + + idmap config CORP:backend = ad + idmap config CORP:readonly = yes + + idmap config TRUSTEDDOMAINS:backend = tdb + idmap config TRUSTEDDOMAINS:default = yes + idmap config TRUSTEDDOMAINS:range = 1000 - 9999 + </programlisting> + +</description> +</samba:parameter> |