From 8f8a9f01909ba29e2b781310baeeaaddc3f15f0d Mon Sep 17 00:00:00 2001
From: "Gerald W. Carter"
Date: Tue, 22 Apr 2008 10:09:40 -0500
Subject: Moving docs tree to docs-xml to make room for generated docs in the release tarball. (This used to be commit 9f672c26d63955f613088489c6efbdc08b5b2d14)
---
docs-xml/manpages-3/idmap_ldap.8.xml | 165 +++++++++++++++++++++++++++++++++++
1 file changed, 165 insertions(+)
create mode 100644 docs-xml/manpages-3/idmap_ldap.8.xml
(limited to 'docs-xml/manpages-3/idmap_ldap.8.xml')
diff --git a/docs-xml/manpages-3/idmap_ldap.8.xml b/docs-xml/manpages-3/idmap_ldap.8.xml
new file mode 100644
index 0000000000..ea7def3a0c
--- /dev/null
+++ b/docs-xml/manpages-3/idmap_ldap.8.xml
@@ -0,0 +1,165 @@
+
+
+
+
+
+ idmap_ldap
+ 8
+ Samba
+ System Administration tools
+ 3.2
+
+
+
+
+ idmap_ldap
+ Samba's idmap_ldap Backend for Winbind
+
+
+
+ DESCRIPTION
+
+ The idmap_ldap plugin provides a means for Winbind to
+ store and retrieve SID/uid/gid mapping tables in an LDAP directory
+ service. The module implements both the "idmap" and
+ "idmap alloc" APIs.
+
+
+
+
+ IDMAP OPTIONS
+
+
+
+ ldap_base_dn = DN
+
+ Defines the directory base suffix to use when searching for
+ SID/uid/gid mapping entries. If not defined, idmap_ldap will default
+ to using the "ldap idmap suffix" option from smb.conf.
+
+
+
+
+ ldap_user_dn = DN
+
+ Defines the user DN to be used for authentication. If absent an
+ anonymous bind will be performed.
+
+
+
+
+ ldap_url = ldap://server/
+
+ Specifies the LDAP server to use when searching for existing
+ SID/uid/gid map entries. If not defined, idmap_ldap will
+ assume that ldap://localhost/ should be used.
+
+
+
+
+ range = low - high
+
+ Defines the available matching uid and gid range for which the
+ backend is authoritative. Note that the range commonly matches
+ the allocation range due to the fact that the same backend will
+ store and retrieve SID/uid/gid mapping entries. If the parameter
+ is absent, Winbind fail over to use the "idmap uid" and
+ "idmap gid" options from smb.conf.
+
+
+
+
+
+
+ IDMAP ALLOC OPTIONS
+
+
+
+ ldap_base_dn = DN
+
+ Defines the directory base suffix under which new SID/uid/gid mapping
+ entries should be stored. If not defined, idmap_ldap will default
+ to using the "ldap idmap suffix" option from smb.conf.
+
+
+
+
+ ldap_user_dn = DN
+
+ Defines the user DN to be used for authentication. If absent an
+ anonymous bind will be performed.
+
+
+
+
+ ldap_url = ldap://server/
+
+ Specifies the LDAP server to which modify/add/delete requests should
+ be sent. If not defined, idmap_ldap will assume that ldap://localhost/
+ should be used.
+
+
+
+
+ range = low - high
+
+ Defines the available matching uid and gid range from which
+ winbindd can allocate for users and groups. If the parameter
+ is absent, Winbind fail over to use the "idmap uid"
+ and "idmap gid" options from smb.conf.
+
+
+
+
+
+
+ EXAMPLES
+
+
+ The follow sets of a LDAP configuration which uses a slave server
+ running on localhost for fast fetching SID/gid/uid mappings, it
+ implies correct configuration of referrals.
+ The idmap alloc backend is pointed directly to the master to skip
+ the referral (and consequent reconnection to the master) that the
+ slave would return as allocation requires writing on the master.
+
+
+
+ [global]
+ idmap domains = ALLDOMAINS
+ idmap config ALLDOMAINS:default = yes
+ idmap config ALLDOMAINS:backend = ldap
+ idmap config ALLDOMAINS:ldap_base_dn = ou=idmap,dc=example,dc=com
+ idmap config ALLDOMAINS:ldap_url = ldap://localhost/
+ idmap config ALLDOMAINS:range = 10000 - 50000
+
+ idmap alloc backend = ldap
+ idmap alloc config:ldap_base_dn = ou=idmap,dc=example,dc=com
+ idmap alloc config:ldap_url = ldap://master.example.com/
+ idmap alloc config:range = 10000 - 50000
+
+
+
+
+ NOTE
+
+ In order to use authentication against ldap servers you may
+ need to provide a DN and a password. To avoid exposing the password
+ in plain text in the configuration file we store it into a security
+ store. The "net idmap " command is used to store a secret
+ for the DN specified in a specific idmap domain.
+
+
+
+
+ AUTHOR
+
+
+ The original Samba software and related utilities
+ were created by Andrew Tridgell. Samba is now developed
+ by the Samba Team as an Open Source project similar
+ to the way the Linux kernel is developed.
+
+
+
+
-- cgit