summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
Diffstat (limited to 'source3')
-rw-r--r--source3/winbindd/man/idmap_ad.8.xml114
-rw-r--r--source3/winbindd/man/idmap_autorid.8.xml153
-rw-r--r--source3/winbindd/man/idmap_hash.8.xml75
-rw-r--r--source3/winbindd/man/idmap_ldap.8.xml145
-rw-r--r--source3/winbindd/man/idmap_nss.8.xml60
-rw-r--r--source3/winbindd/man/idmap_rid.8.xml132
-rw-r--r--source3/winbindd/man/idmap_tdb.8.xml75
-rw-r--r--source3/winbindd/man/idmap_tdb2.8.xml137
8 files changed, 0 insertions, 891 deletions
diff --git a/source3/winbindd/man/idmap_ad.8.xml b/source3/winbindd/man/idmap_ad.8.xml
deleted file mode 100644
index 7319f9199f..0000000000
--- a/source3/winbindd/man/idmap_ad.8.xml
+++ /dev/null
@@ -1,114 +0,0 @@
-<?xml version="1.0" encoding="iso-8859-1"?>
-<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
-<refentry id="idmap_ad.8">
-
-<refmeta>
- <refentrytitle>idmap_ad</refentrytitle>
- <manvolnum>8</manvolnum>
- <refmiscinfo class="source">Samba</refmiscinfo>
- <refmiscinfo class="manual">System Administration tools</refmiscinfo>
- <refmiscinfo class="version">3.6</refmiscinfo>
-</refmeta>
-
-
-<refnamediv>
- <refname>idmap_ad</refname>
- <refpurpose>Samba's idmap_ad Backend for Winbind</refpurpose>
-</refnamediv>
-
-<refsynopsisdiv>
- <title>DESCRIPTION</title>
- <para>The idmap_ad plugin provides a way for Winbind to read
- id mappings from an AD server that uses RFC2307/SFU schema
- extensions. This module implements only the &quot;idmap&quot;
- API, and is READONLY. Mappings must be provided in advance
- by the administrator by adding the posixAccount/posixGroup
- classes and relative attribute/value pairs to the user and
- group objects in the AD.</para>
-
- <para>
- Note that the idmap_ad module has changed considerably since
- Samba versions 3.0 and 3.2.
- Currently, the <parameter>ad</parameter> backend
- does not work as the the default idmap backend, but one has
- to configure it separately for each domain for which one wants
- to use it, using disjoint ranges. One usually needs to configure
- a writeable default idmap range, using for example the
- <parameter>tdb</parameter> or <parameter>ldap</parameter>
- backend, in order to be able to map the BUILTIN sids and
- possibly other trusted domains. The writeable default config
- is also needed in order to be able to create group mappings.
- This catch-all default idmap configuration should have a range
- that is disjoint from any explicitly configured domain with
- idmap backend <parameter>ad</parameter>. See the example below.
- </para>
-</refsynopsisdiv>
-
-<refsect1>
- <title>IDMAP OPTIONS</title>
-
- <variablelist>
- <varlistentry>
- <term>range = low - high</term>
- <listitem><para>
- Defines the available matching UID and GID range for which the
- backend is authoritative. Note that the range acts as a filter.
- If specified any UID or GID stored in AD that fall outside the
- range is ignored and the corresponding map is discarded.
- It is intended as a way to avoid accidental UID/GID overlaps
- between local and remotely defined IDs.
- </para></listitem>
- </varlistentry>
- <varlistentry>
- <term>schema_mode = &lt;rfc2307 | sfu | sfu20&gt;</term>
- <listitem><para>
- Defines the schema that idmap_ad should use when querying
- Active Directory regarding user and group information.
- This can be either the RFC2307 schema support included
- in Windows 2003 R2 or the Service for Unix (SFU) schema.
- For SFU 3.0 or 3.5 please choose "sfu", for SFU 2.0
- please choose "sfu20".
-
- Please note that primary group membership is currently always calculated
- via the "primaryGroupID" LDAP attribute.
- </para></listitem>
- </varlistentry>
- </variablelist>
-</refsect1>
-
-<refsect1>
- <title>EXAMPLES</title>
- <para>
- The following example shows how to retrieve idmappings from our principal and
- trusted AD domains. If trusted domains are present id conflicts must be
- resolved beforehand, there is no
- guarantee on the order conflicting mappings would be resolved at this point.
-
- This example also shows how to leave a small non conflicting range for local
- id allocation that may be used in internal backends like BUILTIN.
- </para>
-
- <programlisting>
- [global]
- workgroup = CORP
-
- idmap config * : backend = tdb
- idmap config * : range = 1000000-1999999
-
- idmap config CORP : backend = ad
- idmap config CORP : range = 1000-999999
- </programlisting>
-</refsect1>
-
-<refsect1>
- <title>AUTHOR</title>
-
- <para>
- The original Samba software and related utilities
- were created by Andrew Tridgell. Samba is now developed
- by the Samba Team as an Open Source project similar
- to the way the Linux kernel is developed.
- </para>
-</refsect1>
-
-</refentry>
diff --git a/source3/winbindd/man/idmap_autorid.8.xml b/source3/winbindd/man/idmap_autorid.8.xml
deleted file mode 100644
index 3b93861eee..0000000000
--- a/source3/winbindd/man/idmap_autorid.8.xml
+++ /dev/null
@@ -1,153 +0,0 @@
-<?xml version="1.0" encoding="iso-8859-1"?>
-<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
-<refentry id="idmap_autorid.8">
-
-<refmeta>
- <refentrytitle>idmap_autorid</refentrytitle>
- <manvolnum>8</manvolnum>
- <refmiscinfo class="source">Samba</refmiscinfo>
- <refmiscinfo class="manual">System Administration tools</refmiscinfo>
- <refmiscinfo class="version">3.6</refmiscinfo>
-</refmeta>
-
-
-<refnamediv>
- <refname>idmap_autorid</refname>
- <refpurpose>Samba's idmap_autorid Backend for Winbind</refpurpose>
-</refnamediv>
-
-<refsynopsisdiv>
- <title>DESCRIPTION</title>
- <para>The idmap_autorid backend provides a way to use an algorithmic
- mapping scheme to map UIDs/GIDs and SIDs that is more deterministic
- than idmap_tdb and easier to configure than idmap_rid.</para>
- <para>The module works similar to idmap_rid, but it automatically
- configures the range to be used for each domain, so there is no need
- to specify a specific range for each domain in the forest, the only
- configuration that is needed is the range of uid/gids that shall
- be used for user/group mappings and an optional size of the ranges
- to be used.</para>
- <para>The mappings of which domain is mapped to which range is stored
- in autorid.tdb, thus you should backup this database regularly.</para>
- <para>Due to the algorithm being used, it is the module that is
- most easy to use as it only requires a minimal configuration.</para>
-</refsynopsisdiv>
-
-<refsect1>
- <title>IDMAP OPTIONS</title>
-
- <variablelist>
- <varlistentry>
- <term>rangesize = numberofidsperdomain</term>
- <listitem><para>
- Defines the available number of uids/gids per domain. The
- minimum needed value is 2000. SIDs with RIDs larger than this
- value cannot be mapped, are ignored and the corresponding map
- is discarded. Choose this value carefully, as this should
- not be changed after the first ranges for domains have been
- defined, otherwise mappings between domains will get intermixed
- leading to unpredictable results. Please note that RIDs in Windows
- Domains usually start with 500 for builtin users and 1000
- for regular users. As the parameter cannot be changed later, please
- plan accordingly for your expected number of users in a domain
- with safety margins.
- </para>
- <para>One range will be used for local users and groups and for
- non-domain well-known SIDs like Everyone (S-1-1-0) or Creator Owner (S-1-3-0).
- A chosen list of well-known SIDs will be preallocated on first start
- to create deterministic mappings for those.</para>
- <para>
- Thus the number of local users and groups that can be created is
- limited by this option as well. If you plan to create a large amount
- of local users or groups, you will need set this parameter accordingly.
- </para>
- <para>The default value is 100000.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>read only = [ yes | no ]</term>
- <listitem><para>Turn the module into read-only mode. No new ranges will be allocated
- nor will new mappings be created in the idmap pool. Defaults to no.</para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>ignore builtin = [ yes | no ]</term>
- <listitem><para>Ignore any mapping requests for the BUILTIN domain.
- Defaults to no.</para>
- </listitem>
- </varlistentry>
- </variablelist>
-</refsect1>
-
-<refsect1>
- <title>THE MAPPING FORMULAS</title>
- <para>
- The Unix ID for a RID is calculated this way:
- <programlisting>
- ID = IDMAP UID LOW VALUE + DOMAINRANGENUMBER * RANGESIZE + RID
- </programlisting>
- </para>
- <para>
- Correspondingly, the formula for calculating the RID for a
- given Unix ID is this:
- <programlisting>
- RID = ID - IDMAP UID LOW VALUE - DOMAINRANGENUMBER * RANGESIZE
- </programlisting>
- </para>
-</refsect1>
-
-<refsect1>
- <title>EXAMPLES</title>
- <para>
- This example shows you the minimal configuration that will
- work for the principial domain and 19 trusted domains.
- </para>
-
- <programlisting>
- [global]
- security = ads
- workgroup = CUSTOMER
- realm = CUSTOMER.COM
-
- idmap config * : backend = autorid
- idmap config * : range = 1000000-1999999
-
- </programlisting>
-
- <para>
- This example shows how to configure idmap_autorid as default
- for all domains with a potentially large amount of users
- plus a specific configuration for a trusted domain
- that uses the SFU mapping scheme. Please note that idmap
- ranges and sfu ranges are not allowed to overlap.
- </para>
-
- <programlisting>
- [global]
- security = ads
- workgroup = CUSTOMER
- realm = CUSTOMER.COM
-
- idmap config * : backend = autorid
- idmap config * : range = 1000000-19999999
- idmap config * : rangesize = 1000000
-
- idmap config TRUSTED : backend = ad
- idmap config TRUSTED : range = 50000 - 99999
- idmap config TRUSTED : schema_mode = sfu
- </programlisting>
-
-</refsect1>
-
-<refsect1>
- <title>AUTHOR</title>
-
- <para>
- The original Samba software and related utilities
- were created by Andrew Tridgell. Samba is now developed
- by the Samba Team as an Open Source project similar
- to the way the Linux kernel is developed.
- </para>
-</refsect1>
-
-</refentry>
diff --git a/source3/winbindd/man/idmap_hash.8.xml b/source3/winbindd/man/idmap_hash.8.xml
deleted file mode 100644
index f3ec6a7bc2..0000000000
--- a/source3/winbindd/man/idmap_hash.8.xml
+++ /dev/null
@@ -1,75 +0,0 @@
-<?xml version="1.0" encoding="iso-8859-1"?>
-<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
-<refentry id="idmap_hash.8">
-
-<refmeta>
- <refentrytitle>idmap_hash</refentrytitle>
- <manvolnum>8</manvolnum>
- <refmiscinfo class="source">Samba</refmiscinfo>
- <refmiscinfo class="manual">System Administration tools</refmiscinfo>
- <refmiscinfo class="version">3.6</refmiscinfo>
-</refmeta>
-
-
-<refnamediv>
- <refname>idmap_hash</refname>
- <refpurpose>Samba's idmap_hash Backend for Winbind</refpurpose>
-</refnamediv>
-
-<refsynopsisdiv>
- <title>DESCRIPTION</title>
- <para>The idmap_hash plugin implements a hashing algorithm used to map
- SIDs for domain users and groups to 31-bit uids and gids, respectively.
- This plugin also implements the nss_info API and can be used
- to support a local name mapping files if enabled via the
- &quot;winbind normalize names&quot; and &quot;winbind nss info&quot;
- parameters in smb.conf.
- </para>
-</refsynopsisdiv>
-
-<refsect1>
- <title>IDMAP OPTIONS</title>
-
- <variablelist>
- <varlistentry>
- <term>name_map</term>
- <listitem><para>
- Specifies the absolute path to the name mapping
- file used by the nss_info API. Entries in the file
- are of the form &quot;<replaceable>unix name</replaceable>
- = <replaceable>qualified domain name</replaceable>&quot;.
- Mapping of both user and group names is supported.
- </para></listitem>
- </varlistentry>
- </variablelist>
-</refsect1>
-
-<refsect1>
- <title>EXAMPLES</title>
- <para>The following example utilizes the idmap_hash plugin for
- the idmap and nss_info information.
- </para>
-
- <programlisting>
- [global]
- idmap config * : backend = hash
- idmap config * : range = 1000-4000000000
-
- winbind nss info = hash
- winbind normalize names = yes
- idmap_hash:name_map = /etc/samba/name_map.cfg
- </programlisting>
-</refsect1>
-
-<refsect1>
- <title>AUTHOR</title>
-
- <para>
- The original Samba software and related utilities
- were created by Andrew Tridgell. Samba is now developed
- by the Samba Team as an Open Source project similar
- to the way the Linux kernel is developed.
- </para>
-</refsect1>
-
-</refentry>
diff --git a/source3/winbindd/man/idmap_ldap.8.xml b/source3/winbindd/man/idmap_ldap.8.xml
deleted file mode 100644
index e68f2782bf..0000000000
--- a/source3/winbindd/man/idmap_ldap.8.xml
+++ /dev/null
@@ -1,145 +0,0 @@
-<?xml version="1.0" encoding="iso-8859-1"?>
-<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
-<refentry id="idmap_ldap.8">
-
-<refmeta>
- <refentrytitle>idmap_ldap</refentrytitle>
- <manvolnum>8</manvolnum>
- <refmiscinfo class="source">Samba</refmiscinfo>
- <refmiscinfo class="manual">System Administration tools</refmiscinfo>
- <refmiscinfo class="version">3.6</refmiscinfo>
-</refmeta>
-
-
-<refnamediv>
- <refname>idmap_ldap</refname>
- <refpurpose>Samba's idmap_ldap Backend for Winbind</refpurpose>
-</refnamediv>
-
-<refsynopsisdiv>
- <title>DESCRIPTION</title>
-
- <para>The idmap_ldap plugin provides a means for Winbind to
- store and retrieve SID/uid/gid mapping tables in an LDAP directory
- service.
- </para>
-
- <para>
- In contrast to read only backends like idmap_rid, it is an allocating
- backend: This means that it needs to allocate new user and group IDs in
- order to create new mappings.
- </para>
-
-</refsynopsisdiv>
-
-<refsect1>
- <title>IDMAP OPTIONS</title>
-
- <variablelist>
- <varlistentry>
- <term>ldap_base_dn = DN</term>
- <listitem><para>
- Defines the directory base suffix to use for
- SID/uid/gid mapping entries. If not defined, idmap_ldap will default
- to using the &quot;ldap idmap suffix&quot; option from smb.conf.
- </para></listitem>
- </varlistentry>
-
- <varlistentry>
- <term>ldap_user_dn = DN</term>
- <listitem><para>
- Defines the user DN to be used for authentication.
- The secret for authenticating this user should be
- stored with net idmap secret
- (see <citerefentry><refentrytitle>net</refentrytitle>
- <manvolnum>8</manvolnum></citerefentry>).
- If absent, the ldap credentials from the ldap passdb configuration
- are used, and if these are also absent, an anonymous
- bind will be performed as last fallback.
- </para></listitem>
- </varlistentry>
-
- <varlistentry>
- <term>ldap_url = ldap://server/</term>
- <listitem><para>
- Specifies the LDAP server to use for
- SID/uid/gid map entries. If not defined, idmap_ldap will
- assume that ldap://localhost/ should be used.
- </para></listitem>
- </varlistentry>
-
- <varlistentry>
- <term>range = low - high</term>
- <listitem><para>
- Defines the available matching uid and gid range for which the
- backend is authoritative.
- </para></listitem>
- </varlistentry>
- </variablelist>
-</refsect1>
-
-<refsect1>
- <title>EXAMPLES</title>
-
- <para>
- The following example shows how an ldap directory is used as the
- default idmap backend. It also configures the idmap range and base
- directory suffix. The secret for the ldap_user_dn has to be set with
- &quot;net idmap secret '*' password&quot;.
- </para>
-
- <programlisting>
- [global]
- idmap config * : backend = ldap
- idmap config * : range = 1000000-1999999
- idmap config * : ldap_url = ldap://localhost/
- idmap config * : ldap_base_dn = ou=idmap,dc=example,dc=com
- idmap config * : ldap_user_dn = cn=idmap_admin,dc=example,dc=com
- </programlisting>
-
- <para>
- This example shows how ldap can be used as a readonly backend while
- tdb is the default backend used to store the mappings.
- It adds an explicit configuration for some domain DOM1, that
- uses the ldap idmap backend. Note that a range disjoint from the
- default range is used.
- </para>
-
- <programlisting>
- [global]
- # "backend = tdb" is redundant here since it is the default
- idmap config * : backend = tdb
- idmap config * : range = 1000000-1999999
-
- idmap config DOM1 : backend = ldap
- idmap config DOM1 : range = 2000000-2999999
- idmap config DOM1 : read only = yes
- idmap config DOM1 : ldap_url = ldap://server/
- idmap config DOM1 : ldap_base_dn = ou=idmap,dc=dom1,dc=example,dc=com
- idmap config DOM1 : ldap_user_dn = cn=idmap_admin,dc=dom1,dc=example,dc=com
- </programlisting>
-</refsect1>
-
-<refsynopsisdiv>
- <title>NOTE</title>
-
- <para>In order to use authentication against ldap servers you may
- need to provide a DN and a password. To avoid exposing the password
- in plain text in the configuration file we store it into a security
- store. The &quot;net idmap &quot; command is used to store a secret
- for the DN specified in a specific idmap domain.
- </para>
-</refsynopsisdiv>
-
-<refsect1>
- <title>AUTHOR</title>
-
- <para>
- The original Samba software and related utilities
- were created by Andrew Tridgell. Samba is now developed
- by the Samba Team as an Open Source project similar
- to the way the Linux kernel is developed.
- </para>
-</refsect1>
-
-</refentry>
diff --git a/source3/winbindd/man/idmap_nss.8.xml b/source3/winbindd/man/idmap_nss.8.xml
deleted file mode 100644
index 565019cd3d..0000000000
--- a/source3/winbindd/man/idmap_nss.8.xml
+++ /dev/null
@@ -1,60 +0,0 @@
-<?xml version="1.0" encoding="iso-8859-1"?>
-<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
-<refentry id="idmap_nss.8">
-
-<refmeta>
- <refentrytitle>idmap_nss</refentrytitle>
- <manvolnum>8</manvolnum>
- <refmiscinfo class="source">Samba</refmiscinfo>
- <refmiscinfo class="manual">System Administration tools</refmiscinfo>
- <refmiscinfo class="version">3.6</refmiscinfo>
-</refmeta>
-
-
-<refnamediv>
- <refname>idmap_nss</refname>
- <refpurpose>Samba's idmap_nss Backend for Winbind</refpurpose>
-</refnamediv>
-
-<refsynopsisdiv>
- <title>DESCRIPTION</title>
-
- <para>The idmap_nss plugin provides a means to map Unix users and groups
- to Windows accounts and obsoletes the &quot;winbind trusted domains only&quot;
- smb.conf option. This provides a simple means of ensuring that the SID
- for a Unix user named jsmith is reported as the one assigned to
- DOMAIN\jsmith which is necessary for reporting ACLs on files and printers
- stored on a Samba member server.
- </para>
-</refsynopsisdiv>
-
-<refsect1>
- <title>EXAMPLES</title>
-
- <para>
- This example shows how to use idmap_nss to check the local accounts for its
- own domain while using allocation to create new mappings for trusted domains
- </para>
-
- <programlisting>
- [global]
- idmap config * : backend = tdb
- idmap config * : range = 1000000-1999999
-
- idmap config SAMBA : backend = nss
- idmap config SAMBA : range = 1000-999999
- </programlisting>
-</refsect1>
-
-<refsect1>
- <title>AUTHOR</title>
-
- <para>
- The original Samba software and related utilities
- were created by Andrew Tridgell. Samba is now developed
- by the Samba Team as an Open Source project similar
- to the way the Linux kernel is developed.
- </para>
-</refsect1>
-
-</refentry>
diff --git a/source3/winbindd/man/idmap_rid.8.xml b/source3/winbindd/man/idmap_rid.8.xml
deleted file mode 100644
index 3f8735288c..0000000000
--- a/source3/winbindd/man/idmap_rid.8.xml
+++ /dev/null
@@ -1,132 +0,0 @@
-<?xml version="1.0" encoding="iso-8859-1"?>
-<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
-<refentry id="idmap_rid.8">
-
-<refmeta>
- <refentrytitle>idmap_rid</refentrytitle>
- <manvolnum>8</manvolnum>
- <refmiscinfo class="source">Samba</refmiscinfo>
- <refmiscinfo class="manual">System Administration tools</refmiscinfo>
- <refmiscinfo class="version">3.6</refmiscinfo>
-</refmeta>
-
-
-<refnamediv>
- <refname>idmap_rid</refname>
- <refpurpose>Samba's idmap_rid Backend for Winbind</refpurpose>
-</refnamediv>
-
-<refsynopsisdiv>
- <title>DESCRIPTION</title>
- <para>The idmap_rid backend provides a way to use an algorithmic
- mapping scheme to map UIDs/GIDs and SIDs. No database is required
- in this case as the mapping is deterministic.</para>
-
- <para>
- Note that the idmap_rid module has changed considerably since Samba
- versions 3.0. and 3.2.
- Currently, there should to be an explicit idmap configuration for each
- domain that should use the idmap_rid backend, using disjoint ranges.
- One usually needs to define a writeable default idmap range, using
- a backend like <parameter>tdb</parameter> or <parameter>ldap</parameter>
- that can create unix ids, in order to be able to map the BUILTIN sids
- and other domains, and also in order to be able to create group mappings.
- See the example below.
- </para>
-
- <para>
- Note that the old syntax
- <parameter>idmap backend = rid:"DOM1=range DOM2=range2 ..."</parameter>
- is not supported any more since Samba version 3.0.25.
- </para>
-</refsynopsisdiv>
-
-<refsect1>
- <title>IDMAP OPTIONS</title>
-
- <variablelist>
- <varlistentry>
- <term>range = low - high</term>
- <listitem><para>
- Defines the available matching uid and gid range for which the
- backend is authoritative. Note that the range acts as a filter.
- If algorithmically determined UID or GID fall outside the
- range, they are ignored and the corresponding map is discarded.
- It is intended as a way to avoid accidental UID/GID overlaps
- between local and remotely defined IDs.
- </para></listitem>
- </varlistentry>
-
- <varlistentry>
- <term>base_rid = INTEGER</term>
- <listitem><para>
- Defines the base integer used to build SIDs out of a UID or a GID,
- and to rebase the UID or GID to be obtained from a SID.
- This means SIDs with a RID less than the base rid are filtered.
- The default is not to restrict the allowed rids at all,
- i.e. a base_rid value of 0.
- A good value for the base_rid can be 1000, since user
- RIDs by default start at 1000 (512 hexadecimal).
- </para>
- <para>
- Use of this parameter is deprecated.
- </para></listitem>
- </varlistentry>
- </variablelist>
-</refsect1>
-
-<refsect1>
- <title>THE MAPPING FORMULAS</title>
- <para>
- The Unix ID for a RID is calculated this way:
- <programlisting>
- ID = RID - BASE_RID + LOW_RANGE_ID.
- </programlisting>
- </para>
- <para>
- Correspondingly, the formula for calculating the RID for a
- given Unix ID is this:
- <programlisting>
- RID = ID + BASE_RID - LOW_RANGE_ID.
- </programlisting>
- </para>
-</refsect1>
-
-<refsect1>
- <title>EXAMPLES</title>
- <para>
- This example shows how to configure two domains with idmap_rid,
- the principal domain and a trusted domain, leaving the default
- id mapping scheme at tdb. The example also demonstrates the use
- of the base_rid parameter for the trusted domain.
- </para>
-
- <programlisting>
- [global]
- security = domain
- workgroup = MAIN
-
- idmap config * : backend = tdb
- idmap config * : range = 1000000-1999999
-
- idmap config MAIN : backend = rid
- idmap config MAIN : range = 10000 - 49999
-
- idmap config TRUSTED : backend = rid
- idmap config TRUSTED : range = 50000 - 99999
- idmap config TRUSTED : base_rid = 1000
- </programlisting>
-</refsect1>
-
-<refsect1>
- <title>AUTHOR</title>
-
- <para>
- The original Samba software and related utilities
- were created by Andrew Tridgell. Samba is now developed
- by the Samba Team as an Open Source project similar
- to the way the Linux kernel is developed.
- </para>
-</refsect1>
-
-</refentry>
diff --git a/source3/winbindd/man/idmap_tdb.8.xml b/source3/winbindd/man/idmap_tdb.8.xml
deleted file mode 100644
index c67d6cb9bc..0000000000
--- a/source3/winbindd/man/idmap_tdb.8.xml
+++ /dev/null
@@ -1,75 +0,0 @@
-<?xml version="1.0" encoding="iso-8859-1"?>
-<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
-<refentry id="idmap_tdb.8">
-
-<refmeta>
- <refentrytitle>idmap_tdb</refentrytitle>
- <manvolnum>8</manvolnum>
- <refmiscinfo class="source">Samba</refmiscinfo>
- <refmiscinfo class="manual">System Administration tools</refmiscinfo>
- <refmiscinfo class="version">3.6</refmiscinfo>
-</refmeta>
-
-
-<refnamediv>
- <refname>idmap_tdb</refname>
- <refpurpose>Samba's idmap_tdb Backend for Winbind</refpurpose>
-</refnamediv>
-
-<refsynopsisdiv>
- <title>DESCRIPTION</title>
-
- <para>
- The idmap_tdb plugin is the default backend used by winbindd
- for storing SID/uid/gid mapping tables.
- </para>
-
- <para>
- In contrast to read only backends like idmap_rid, it is an allocating
- backend: This means that it needs to allocate new user and group IDs in
- order to create new mappings.
- </para>
-</refsynopsisdiv>
-
-<refsect1>
- <title>IDMAP OPTIONS</title>
-
- <variablelist>
- <varlistentry>
- <term>range = low - high</term>
- <listitem><para>
- Defines the available matching uid and gid range for which the
- backend is authoritative.
- </para></listitem>
- </varlistentry>
- </variablelist>
-</refsect1>
-
-<refsect1>
- <title>EXAMPLES</title>
-
- <para>
- This example shows how tdb is used as a the default idmap backend.
- This configured range is used for uid and gid allocation.
- </para>
-
- <programlisting>
- [global]
- # "backend = tdb" is redundant here since it is the default
- idmap config * : backend = tdb
- idmap config * : range = 1000000-2000000
- </programlisting>
-</refsect1>
-
-<refsect1>
- <title>AUTHOR</title>
-
- <para>
- The original Samba software and related utilities
- were created by Andrew Tridgell. Samba is now developed
- by the Samba Team as an Open Source project similar
- to the way the Linux kernel is developed.
- </para>
-</refsect1>
-
-</refentry>
diff --git a/source3/winbindd/man/idmap_tdb2.8.xml b/source3/winbindd/man/idmap_tdb2.8.xml
deleted file mode 100644
index 1faf59085f..0000000000
--- a/source3/winbindd/man/idmap_tdb2.8.xml
+++ /dev/null
@@ -1,137 +0,0 @@
-<?xml version="1.0" encoding="iso-8859-1"?>
-<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
-<refentry id="idmap_tdb2.8">
-
-<refmeta>
- <refentrytitle>idmap_tdb2</refentrytitle>
- <manvolnum>8</manvolnum>
- <refmiscinfo class="source">Samba</refmiscinfo>
- <refmiscinfo class="manual">System Administration tools</refmiscinfo>
- <refmiscinfo class="version">3.6</refmiscinfo>
-</refmeta>
-
-
-<refnamediv>
- <refname>idmap_tdb2</refname>
- <refpurpose>Samba's idmap_tdb2 Backend for Winbind</refpurpose>
-</refnamediv>
-
-<refsynopsisdiv>
- <title>DESCRIPTION</title>
-
- <para>
- The idmap_tdb2 plugin is a substitute for the default idmap_tdb
- backend used by winbindd for storing SID/uid/gid mapping tables
- in clustered environments with Samba and CTDB.
- </para>
-
- <para>
- In contrast to read only backends like idmap_rid, it is an allocating
- backend: This means that it needs to allocate new user and group IDs in
- order to create new mappings.
- </para>
-</refsynopsisdiv>
-
-<refsect1>
- <title>IDMAP OPTIONS</title>
-
- <variablelist>
- <varlistentry>
- <term>range = low - high</term>
- <listitem><para>
- Defines the available matching uid and gid range for which the
- backend is authoritative.
- </para></listitem>
- </varlistentry>
-
- <varlistentry>
- <term>script</term>
- <listitem><para>
- This option can be used to configure an external program
- for performing id mappings instead of using the tdb
- counter. The mappings are then stored int tdb2 idmap
- database. For details see the section on IDMAP SCRIPT below.
- </para></listitem>
- </varlistentry>
- </variablelist>
-</refsect1>
-
-<refsect1>
- <title>IDMAP SCRIPT</title>
-
- <para>
- The tdb2 idmap backend supports an external program for performing id mappings
- through the smb.conf option <parameter>idmap config * : script</parameter> or
- its deprecated legacy form <parameter>idmap : script</parameter>.
- </para>
-
- <para>
- The mappings obtained by the script are then stored in the idmap tdb2
- database instead of mappings created by the incrementing id counters.
- It is therefore important that the script covers the complete range of
- SIDs that can be passed in for SID to Unix ID mapping, since otherwise
- SIDs unmapped by the script might get mapped to IDs that had
- previously been mapped by the script.
- </para>
-
- <para>
- The script should accept the following command line options.
- </para>
-
- <programlisting>
- SIDTOID S-1-xxxx
- IDTOSID UID xxxx
- IDTOSID GID xxxx
- </programlisting>
-
- <para>
- And it should return one of the following responses as a single line of
- text.
- </para>
-
- <programlisting>
- UID:yyyy
- GID:yyyy
- SID:yyyy
- ERR:yyyy
- </programlisting>
-</refsect1>
-
-<refsect1>
- <title>EXAMPLES</title>
-
- <para>
- This example shows how tdb2 is used as a the default idmap backend.
- </para>
-
- <programlisting>
- [global]
- idmap config * : backend = tdb2
- idmap config * : range = 1000000-2000000
- </programlisting>
-
- <para>
- This example shows how tdb2 is used as a the default idmap backend
- using an external program via the script parameter:
- </para>
-
- <programlisting>
- [global]
- idmap config * : backend = tdb2
- idmap config * : range = 1000000-2000000
- idmap config * : script = /usr/local/samba/bin/idmap_script.sh
- </programlisting>
-</refsect1>
-
-<refsect1>
- <title>AUTHOR</title>
-
- <para>
- The original Samba software and related utilities
- were created by Andrew Tridgell. Samba is now developed
- by the Samba Team as an Open Source project similar
- to the way the Linux kernel is developed.
- </para>
-</refsect1>
-
-</refentry>