From 02ad2b539c1eceaf26c71dcc469649b6d26dcef9 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Wed, 21 Mar 2007 21:23:17 +0000 Subject: man page for IDMAP_AD (This used to be commit e386776e5d1f13fb4c002299089a344968b134c8) --- docs/manpages-3/idmap_ad.8.xml | 42 +++++++++++++++++++++++++++++++++++++++--- 1 file changed, 39 insertions(+), 3 deletions(-) diff --git a/docs/manpages-3/idmap_ad.8.xml b/docs/manpages-3/idmap_ad.8.xml index fe1888211e..bb67df74e9 100644 --- a/docs/manpages-3/idmap_ad.8.xml +++ b/docs/manpages-3/idmap_ad.8.xml @@ -15,17 +15,53 @@ DESCRIPTION - TODO + The idmap_ad plugin provides a way for Winbind to read + id mappings from an AD server that uses RFC2307/SFU schema + extensions. This module implements only the "idmap" + API, and is READONLY. Mappings must be provided in advance + by the administrator by adding the posixAccount/posixGroup + classess and relative attribute/value pairs to the users and + groups objects in AD IDMAP OPTIONS - TODO + + + + range = low - high + + Defines the available matching uid and gid range for which the + backend is authoritative. Note that the range acts as a filter. + If specified any UID or GID stored in AD that fall outside the + range is ignored and the corresponding map is discarded. + It is intended as a way to avoid accidental UID/GID overlaps + between local and remotely defined IDs. + EXAMPLES - TODO + + The following example shows how to retrieve idmappings from our principal and + and trusted AD domains. All is needed is to set default to yes. If trusted + domains are present id conflicts must be resolved beforehand, there is no + guarantee on the order confliting mappings would be resolved at this point. + + This example also shows how to leave a small non conflicting range for local + id allocation that may be used in internal backends like BULTIN. + + + + [global] + idmap domain = ALLDOMAINS + idmap config ALLDOMAINS:backend = ad + idmap config ALLDOMAINS:default = yes + idmap config ALLDOMAINS:range = 10000 - 300000000 + + idmap alloc backend = tdb + idmap alloc config:range = 5000 - 9999 + -- cgit