diff options
Diffstat (limited to 'docs/smbdotconf/winbind/idmapconfig.xml')
| -rw-r--r-- | docs/smbdotconf/winbind/idmapconfig.xml | 53 |
1 files changed, 43 insertions, 10 deletions
diff --git a/docs/smbdotconf/winbind/idmapconfig.xml b/docs/smbdotconf/winbind/idmapconfig.xml index 7e96445962..63b0a907a8 100644 --- a/docs/smbdotconf/winbind/idmapconfig.xml +++ b/docs/smbdotconf/winbind/idmapconfig.xml @@ -8,24 +8,57 @@ The idmap config prefix provides a means of managing each domain defined by the <smbconfoption name="idmap domains"/> option using Samba's parameteric option support. The idmap config prefix should be - followed by the name of the domain, a colon, and either the option - name "backend" or a setting specific to the chosen - backend.</para> + followed by the name of the domain, a colon, and a setting specific to + the chosen backend. There are three options available for all domains: + </para> + <variablelist> + <varlistentry> + <term>backend = backend_name</term> + <listitem><para> + Specifies the name of the idmap plugin to use as the + SID/uid/gid backend for this domain. + </para></listitem> + </varlistentry> + + <varlistentry> + <term>default = [yes|no]</term> + <listitem><para> + The default domain/backend will be used for searching for + users and groups not belonging to one of the explicitly + listed domains (matched by comparing the account SID and the + domain SID). + </para></listitem> + </varlistentry> + + <varlistentry> + <term>readonly = [yes|no]</term> + <listitem><para> + Mark the domain as readonly which means that no attempts to + allocate a uid or gid (by the <smbconfoption name="idmap alloc + backend"/>) for any user or group in that domain + will be attempted. + </para></listitem> + </varlistentry> + </variablelist> <para> The following example illustrates how to configure the <citerefentry> <refentrytitle>idmap_ad</refentrytitle><manvolnum>8</manvolnum></citerefentry> for the CORP domain and the <citerefentry><refentrytitle>idmap_tdb</refentrytitle> - <manvolnum>8</manvolnum></citerefentry> backend for all other domains. + <manvolnum>8</manvolnum></citerefentry> backend for all other domains. The + TRUSTEDDOMAINS string is simply a key used to reference the "idmap + config" settings and does not represent the actual name of a domain. </para> <programlisting> - idmap domains = CORP default - idmap config CORP:backend = ad - idmap config CORP:read_only = yes - idmap config default:backend = tdb - idmap config default:default = yes - idmap config default:range = 1000 - 9999 + idmap domains = CORP TRUSTEDDOMAINS + + idmap config CORP:backend = ad + idmap config CORP:readonly = yes + + idmap config TRUSTEDDOMAINS:backend = tdb + idmap config TRUSTEDDOMAINS:default = yes + idmap config TRUSTEDDOMAINS:range = 1000 - 9999 </programlisting> </description> |