diff options
| author | Gerald Carter <jerry@samba.org> | 2007-03-21 15:10:58 +0000 |
|---|---|---|
| committer | Gerald W. Carter <jerry@samba.org> | 2008-04-23 08:47:29 -0500 |
| commit | 2abb46e2457d060965a0ae7340d2b4f99b5d2fd3 (patch) | |
| tree | 6132c38087981efebc0d0f5382b46324b384ccbf /docs/smbdotconf/winbind/idmapbackend.xml | |
| parent | 714235d358cc5ae4790bc554bed1db8fa43703f7 (diff) | |
| download | samba-2abb46e2457d060965a0ae7340d2b4f99b5d2fd3.tar.gz samba-2abb46e2457d060965a0ae7340d2b4f99b5d2fd3.tar.bz2 samba-2abb46e2457d060965a0ae7340d2b4f99b5d2fd3.zip | |
man page updates for new idmap options (still a work in progress)
(This used to be commit c88062d21899e67ba031d6a2da48c50be567ebfd)
Diffstat (limited to 'docs/smbdotconf/winbind/idmapbackend.xml')
| -rw-r--r-- | docs/smbdotconf/winbind/idmapbackend.xml | 39 |
1 files changed, 16 insertions, 23 deletions
diff --git a/docs/smbdotconf/winbind/idmapbackend.xml b/docs/smbdotconf/winbind/idmapbackend.xml index 75c61fbec0..c8ca077aed 100644 --- a/docs/smbdotconf/winbind/idmapbackend.xml +++ b/docs/smbdotconf/winbind/idmapbackend.xml @@ -1,37 +1,30 @@ <samba:parameter name="idmap backend" context="G" - type="string" + type="string" advanced="1" developer="1" hide="1" xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> <description> <para> - The purpose of the idmap backend parameter is to allow idmap to NOT use the local idmap - tdb file to obtain SID to UID / GID mappings for unmapped SIDs, but instead to obtain them from a common - LDAP backend. This way all domain members and controllers will have the same UID and GID - to SID mappings. This avoids the risk of UID / GID inconsistencies across UNIX / Linux - systems that are sharing information over protocols other than SMB/CIFS (ie: NFS). + The idmap backend provides a plugin interface for Winbind to use + varying backends to store SID/uid/gid mapping tables. This + option is mutually exclusive with the newer and more flexible + <smbconfoption name="idmap domains"/> parameter. The main difference + between the "idmap backend" and the "idmap domains" + is that the former only allows on backend for all domains while the + latter supports configuring backends on a per domain basis. </para> + <para>Examples of SID/uid/gid backends include tdb (<citerefentry> + <refentrytitle>idmap_tdb</refentrytitle><manvolnum>8</manvolnum></citerefentry>), + ldap (<citerefentry><refentrytitle>idmap_ldap</refentrytitle> + <manvolnum>8</manvolnum></citerefentry>), rid (<citerefentry> + <refentrytitle>idmap_rid</refentrytitle><manvolnum>8</manvolnum></citerefentry>), + and ad (<citerefentry><refentrytitle>idmap_tdb</refentrytitle> + <manvolnum>8</manvolnum></citerefentry>). <para> - An alternate method of SID to UID / GID mapping can be achieved using the rid - plug-in. This plug-in uses the account RID to derive the UID and GID by adding the - RID to a base value specified. This utility requires that the parameter - <quote>allow trusted domains = No</quote> must be specified, as it is not compatible - with multiple domain environments. The idmap uid and idmap gid ranges must also be - specified. - </para> - - <para> - Finally, using the ad module, the UID and GID can directly - be retrieved from an Active Directory LDAP Server that supports an - RFC2307 compliant LDAP schema. ad supports "Services for Unix" - (SFU) version 2.x and 3.0. - </para> - </description> <value type="default"></value> -<value type="example">ldap:ldap://ldapslave.example.com</value> -<value type="example">rid:"BUILTIN=1000-1999,DOMNAME=2000-100000000"</value> +<value type="example">ldap:ldap://ldapslave.example.com/</value> <value type="example">ad</value> </samba:parameter> |