diff options
Diffstat (limited to 'docs-xml/manpages/idmap_ad.8.xml')
| -rw-r--r-- | docs-xml/manpages/idmap_ad.8.xml | 114 |
1 files changed, 0 insertions, 114 deletions
diff --git a/docs-xml/manpages/idmap_ad.8.xml b/docs-xml/manpages/idmap_ad.8.xml deleted file mode 100644 index 7319f9199f..0000000000 --- a/docs-xml/manpages/idmap_ad.8.xml +++ /dev/null @@ -1,114 +0,0 @@ -<?xml version="1.0" encoding="iso-8859-1"?> -<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc"> -<refentry id="idmap_ad.8"> - -<refmeta> - <refentrytitle>idmap_ad</refentrytitle> - <manvolnum>8</manvolnum> - <refmiscinfo class="source">Samba</refmiscinfo> - <refmiscinfo class="manual">System Administration tools</refmiscinfo> - <refmiscinfo class="version">3.6</refmiscinfo> -</refmeta> - - -<refnamediv> - <refname>idmap_ad</refname> - <refpurpose>Samba's idmap_ad Backend for Winbind</refpurpose> -</refnamediv> - -<refsynopsisdiv> - <title>DESCRIPTION</title> - <para>The idmap_ad plugin provides a way for Winbind to read - id mappings from an AD server that uses RFC2307/SFU schema - extensions. This module implements only the "idmap" - API, and is READONLY. Mappings must be provided in advance - by the administrator by adding the posixAccount/posixGroup - classes and relative attribute/value pairs to the user and - group objects in the AD.</para> - - <para> - Note that the idmap_ad module has changed considerably since - Samba versions 3.0 and 3.2. - Currently, the <parameter>ad</parameter> backend - does not work as the the default idmap backend, but one has - to configure it separately for each domain for which one wants - to use it, using disjoint ranges. One usually needs to configure - a writeable default idmap range, using for example the - <parameter>tdb</parameter> or <parameter>ldap</parameter> - backend, in order to be able to map the BUILTIN sids and - possibly other trusted domains. The writeable default config - is also needed in order to be able to create group mappings. - This catch-all default idmap configuration should have a range - that is disjoint from any explicitly configured domain with - idmap backend <parameter>ad</parameter>. See the example below. - </para> -</refsynopsisdiv> - -<refsect1> - <title>IDMAP OPTIONS</title> - - <variablelist> - <varlistentry> - <term>range = low - high</term> - <listitem><para> - Defines the available matching UID and GID range for which the - backend is authoritative. Note that the range acts as a filter. - If specified any UID or GID stored in AD that fall outside the - range is ignored and the corresponding map is discarded. - It is intended as a way to avoid accidental UID/GID overlaps - between local and remotely defined IDs. - </para></listitem> - </varlistentry> - <varlistentry> - <term>schema_mode = <rfc2307 | sfu | sfu20></term> - <listitem><para> - Defines the schema that idmap_ad should use when querying - Active Directory regarding user and group information. - This can be either the RFC2307 schema support included - in Windows 2003 R2 or the Service for Unix (SFU) schema. - For SFU 3.0 or 3.5 please choose "sfu", for SFU 2.0 - please choose "sfu20". - - Please note that primary group membership is currently always calculated - via the "primaryGroupID" LDAP attribute. - </para></listitem> - </varlistentry> - </variablelist> -</refsect1> - -<refsect1> - <title>EXAMPLES</title> - <para> - The following example shows how to retrieve idmappings from our principal and - trusted AD domains. If trusted domains are present id conflicts must be - resolved beforehand, there is no - guarantee on the order conflicting mappings would be resolved at this point. - - This example also shows how to leave a small non conflicting range for local - id allocation that may be used in internal backends like BUILTIN. - </para> - - <programlisting> - [global] - workgroup = CORP - - idmap config * : backend = tdb - idmap config * : range = 1000000-1999999 - - idmap config CORP : backend = ad - idmap config CORP : range = 1000-999999 - </programlisting> -</refsect1> - -<refsect1> - <title>AUTHOR</title> - - <para> - The original Samba software and related utilities - were created by Andrew Tridgell. Samba is now developed - by the Samba Team as an Open Source project similar - to the way the Linux kernel is developed. - </para> -</refsect1> - -</refentry> |