diff options
Diffstat (limited to 'docs-xml')
-rw-r--r-- | docs-xml/manpages-3/idmap_tdb.8.xml | 81 |
1 files changed, 61 insertions, 20 deletions
diff --git a/docs-xml/manpages-3/idmap_tdb.8.xml b/docs-xml/manpages-3/idmap_tdb.8.xml index 4258d95ac6..fb23076d08 100644 --- a/docs-xml/manpages-3/idmap_tdb.8.xml +++ b/docs-xml/manpages-3/idmap_tdb.8.xml @@ -19,9 +19,27 @@ <refsynopsisdiv> <title>DESCRIPTION</title> - <para>The idmap_tdb plugin is the default backend used by winbindd - for storing SID/uid/gid mapping tables and implements - both the "idmap" and "idmap alloc" APIs. + <para> + The idmap_tdb plugin is the default backend used by winbindd + for storing SID/uid/gid mapping tables. In contrast to read only + backends like idmap_rid, it is an allocating backend: + This means that it needs to allocate new user and group IDs + to create new mappings as requests to yet unmapped users are answered. + </para> + + <para> + Note that in order for this (or any other allocating) backend to + function at all, the default backend needs to be writeable. + The ranges used for uid and gid allocation are the default ranges + configured by "idmap uid" and "idmap gid". + </para> + + <para> + Furthermore, since there is only one global allocating backend + responsible for all domains using writeable idmap backends, + any explicitly configured domain with idmap backend tdb + should have the same range as the default range, since it needs + to use the global uid / gid allocator. See the example below. </para> </refsynopsisdiv> @@ -33,30 +51,53 @@ <term>range = low - high</term> <listitem><para> Defines the available matching uid and gid range for which the - backend is authoritative. Note that the range commonly matches - the allocation range due to the fact that the same backend will - store and retrieve SID/uid/gid mapping entries. If the parameter - is absent, Winbind fail over to use the "idmap uid" and - "idmap gid" options from smb.conf. + backend is authoritative. + If the parameter is absent, Winbind fails over to use + the "idmap uid" and "idmap gid" options + from smb.conf. </para></listitem> </varlistentry> </variablelist> </refsect1> <refsect1> - <title>IDMAP ALLOC OPTIONS</title> + <title>EXAMPLES</title> - <variablelist> - <varlistentry> - <term>range = low - high</term> - <listitem><para> - Defines the available matching uid and gid range from which - winbindd can allocate for users and groups. If the parameter - is absent, Winbind fail over to use the "idmap uid" - and "idmap gid" options from smb.conf. - </para></listitem> - </varlistentry> - </variablelist> + <para> + This example shows how tdb is used as a the default idmap backend. + It configures the idmap range through the global options for all + domains encountered. This same range is used for uid/gid allocation. + </para> + + <programlisting> + [global] + # "idmap backend = tdb" is redundant here since it is the default + idmap backend = tdb + idmap uid = 1000000-2000000 + idmap gid = 1000000-2000000 + </programlisting> + + <para> + This (rather theoretical) example shows how tdb can be used as the + allocating backend while ldap is the default backend used to store + the mappings. + It adds an explicit configuration for some domain DOM1, that + uses the tdb idmap backend. Note that the same range as the + default uid/gid range is used, since the allocator has to serve + both the default backend and the explicitly configured domain DOM1. + </para> + + <programlisting> + [global] + idmap backend = ldap + idmap uid = 1000000-2000000 + idmap gid = 1000000-2000000 + # use a different uid/gid allocator: + idmap alloc backend = tdb + + idmap config DOM1 : backend = tdb + idmap config DOM1 : range = 1000000-2000000 + </programlisting> </refsect1> <refsect1> |