diff options
Diffstat (limited to 'docs-xml/manpages-3/idmap_ldap.8.xml')
| -rw-r--r-- | docs-xml/manpages-3/idmap_ldap.8.xml | 165 |
1 files changed, 165 insertions, 0 deletions
diff --git a/docs-xml/manpages-3/idmap_ldap.8.xml b/docs-xml/manpages-3/idmap_ldap.8.xml new file mode 100644 index 0000000000..ea7def3a0c --- /dev/null +++ b/docs-xml/manpages-3/idmap_ldap.8.xml @@ -0,0 +1,165 @@ +<?xml version="1.0" encoding="iso-8859-1"?> +<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc"> +<refentry id="idmap_ldap.8"> + +<refmeta> + <refentrytitle>idmap_ldap</refentrytitle> + <manvolnum>8</manvolnum> + <refmiscinfo class="source">Samba</refmiscinfo> + <refmiscinfo class="manual">System Administration tools</refmiscinfo> + <refmiscinfo class="version">3.2</refmiscinfo> +</refmeta> + + +<refnamediv> + <refname>idmap_ldap</refname> + <refpurpose>Samba's idmap_ldap Backend for Winbind</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <title>DESCRIPTION</title> + + <para>The idmap_ldap plugin provides a means for Winbind to + store and retrieve SID/uid/gid mapping tables in an LDAP directory + service. The module implements both the "idmap" and + "idmap alloc" APIs. + </para> +</refsynopsisdiv> + +<refsect1> + <title>IDMAP OPTIONS</title> + + <variablelist> + <varlistentry> + <term>ldap_base_dn = DN</term> + <listitem><para> + Defines the directory base suffix to use when searching for + SID/uid/gid mapping entries. If not defined, idmap_ldap will default + to using the "ldap idmap suffix" option from smb.conf. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>ldap_user_dn = DN</term> + <listitem><para> + Defines the user DN to be used for authentication. If absent an + anonymous bind will be performed. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>ldap_url = ldap://server/</term> + <listitem><para> + Specifies the LDAP server to use when searching for existing + SID/uid/gid map entries. If not defined, idmap_ldap will + assume that ldap://localhost/ should be used. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>range = low - high</term> + <listitem><para> + Defines the available matching uid and gid range for which the + backend is authoritative. Note that the range commonly matches + the allocation range due to the fact that the same backend will + store and retrieve SID/uid/gid mapping entries. If the parameter + is absent, Winbind fail over to use the "idmap uid" and + "idmap gid" options from smb.conf. + </para></listitem> + </varlistentry> + </variablelist> +</refsect1> + +<refsect1> + <title>IDMAP ALLOC OPTIONS</title> + + <variablelist> + <varlistentry> + <term>ldap_base_dn = DN</term> + <listitem><para> + Defines the directory base suffix under which new SID/uid/gid mapping + entries should be stored. If not defined, idmap_ldap will default + to using the "ldap idmap suffix" option from smb.conf. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>ldap_user_dn = DN</term> + <listitem><para> + Defines the user DN to be used for authentication. If absent an + anonymous bind will be performed. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>ldap_url = ldap://server/</term> + <listitem><para> + Specifies the LDAP server to which modify/add/delete requests should + be sent. If not defined, idmap_ldap will assume that ldap://localhost/ + should be used. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>range = low - high</term> + <listitem><para> + Defines the available matching uid and gid range from which + winbindd can allocate for users and groups. If the parameter + is absent, Winbind fail over to use the "idmap uid" + and "idmap gid" options from smb.conf. + </para></listitem> + </varlistentry> + </variablelist> +</refsect1> + +<refsect1> + <title>EXAMPLES</title> + + <para> + The follow sets of a LDAP configuration which uses a slave server + running on localhost for fast fetching SID/gid/uid mappings, it + implies correct configuration of referrals. + The idmap alloc backend is pointed directly to the master to skip + the referral (and consequent reconnection to the master) that the + slave would return as allocation requires writing on the master. + </para> + + <programlisting> + [global] + idmap domains = ALLDOMAINS + idmap config ALLDOMAINS:default = yes + idmap config ALLDOMAINS:backend = ldap + idmap config ALLDOMAINS:ldap_base_dn = ou=idmap,dc=example,dc=com + idmap config ALLDOMAINS:ldap_url = ldap://localhost/ + idmap config ALLDOMAINS:range = 10000 - 50000 + + idmap alloc backend = ldap + idmap alloc config:ldap_base_dn = ou=idmap,dc=example,dc=com + idmap alloc config:ldap_url = ldap://master.example.com/ + idmap alloc config:range = 10000 - 50000 + </programlisting> +</refsect1> + +<refsynopsisdiv> + <title>NOTE</title> + + <para>In order to use authentication against ldap servers you may + need to provide a DN and a password. To avoid exposing the password + in plain text in the configuration file we store it into a security + store. The "net idmap " command is used to store a secret + for the DN specified in a specific idmap domain. + </para> +</refsynopsisdiv> + +<refsect1> + <title>AUTHOR</title> + + <para> + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + </para> +</refsect1> + +</refentry> |