From e809abf55f6a2e6d93bcb5678142f56c49aea397 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 26 Sep 2012 02:58:28 +0200 Subject: smb.conf(5): Remove 'idmap config' documentation - the parameter has been removed. --- docs-xml/smbdotconf/winbind/idmapconfig.xml | 124 ---------------------------- 1 file changed, 124 deletions(-) delete mode 100644 docs-xml/smbdotconf/winbind/idmapconfig.xml diff --git a/docs-xml/smbdotconf/winbind/idmapconfig.xml b/docs-xml/smbdotconf/winbind/idmapconfig.xml deleted file mode 100644 index 53af31f4a8..0000000000 --- a/docs-xml/smbdotconf/winbind/idmapconfig.xml +++ /dev/null @@ -1,124 +0,0 @@ - - - - - ID mapping in Samba is the mapping between Windows SIDs and Unix user - and group IDs. This is performed by Winbindd with a configurable plugin - interface. Samba's ID mapping is configured by options starting with the - prefix. - An idmap option consists of the - prefix, followed by a domain name or the asterisk character (*), - a colon, and the name of an idmap setting for the chosen domain. - - - - The idmap configuration is hence divided into groups, one group - for each domain to be configured, and one group with the the - asterisk instead of a proper domain name, which specifies the - default configuration that is used to catch all domains that do - not have an explicit idmap configuration of their own. - - - - There are three general options available: - - - - - backend = backend_name - - This specifies the name of the idmap plugin to use as the - SID/uid/gid backend for this domain. The standard backends are - tdb - (idmap_tdb 8 ), - tdb2 - (idmap_tdb2 8), - ldap - (idmap_ldap 8), - , - rid - (idmap_rid 8), - , - hash - (idmap_hash 8), - , - autorid - (idmap_autorid 8), - , - ad - (idmap_ad 8), - , - and nss. - (idmap_nss 8), - The corresponding manual pages contain the details, but - here is a summary. - - - The first three of these create mappings of their own using - internal unixid counters and store the mappings in a database. - These are suitable for use in the default idmap configuration. - The rid and hash backends use a pure algorithmic calculation - to determine the unixid for a SID. The autorid module is a - mixture of the tdb and rid backend. It creates ranges for - each domain encountered and then uses the rid algorithm for each - of these automatically configured domains individually. - The ad backend usees unix IDs stored in Active Directory via - the standard schema extensions. The nss backend reverses - the standard winbindd setup and gets the unixids via names - from nsswitch which can be useful in an ldap setup. - - - - - range = low - high - - Defines the available matching uid and gid range for which the - backend is authoritative. For allocating backends, this also - defines the start and the end of the range for allocating - new unique IDs. - - - winbind uses this parameter to find the backend that is - authoritative for a unix ID to SID mapping, so it must be set - for each individually configured domain and for the default - configuration. The configured ranges must be mutually disjoint. - - - - - read only = yes|no - - This option can be used to turn the writing backends - tdb, tdb2, and ldap into read only mode. This can be useful - e.g. in cases where a pre-filled database exists that should - not be extended automatically. - - - - - - The following example illustrates how to configure the - idmap_ad 8 - backend for the CORP domain and the - idmap_tdb - 8 backend for all other - domains. This configuration assumes that the admin of CORP assigns - unix ids below 1000000 via the SFU extensions, and winbind is supposed - to use the next million entries for its own mappings from trusted - domains and for local groups for example. - - - - idmap config * : backend = tdb - idmap config * : range = 1000000-1999999 - - idmap config CORP : backend = ad - idmap config CORP : range = 1000-999999 - - - - -- cgit