From 5190e4da2b51fdfa6df452a23127add5059cc4ac Mon Sep 17 00:00:00 2001
From: Abhidnya Joshi <achirmul@in.ibm.com>
Date: Tue, 16 Apr 2013 16:41:45 +0530
Subject: docs-xml: manpage update for autorid multirange support

Signed-off-by: Abhidnya Joshi <achirmul@in.ibm.com>
Reviewed-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
---
 docs-xml/manpages/idmap_autorid.8.xml | 34 ++++++++++++++++++++++------------
 1 file changed, 22 insertions(+), 12 deletions(-)

(limited to 'docs-xml/manpages')

diff --git a/docs-xml/manpages/idmap_autorid.8.xml b/docs-xml/manpages/idmap_autorid.8.xml
index ed698e91db..8ce281d10d 100644
--- a/docs-xml/manpages/idmap_autorid.8.xml
+++ b/docs-xml/manpages/idmap_autorid.8.xml
@@ -40,17 +40,21 @@
 		<varlistentry>
 		<term>rangesize = numberofidsperdomain</term>
 		<listitem><para>
-			Defines the available number of uids/gids per domain. The
-			minimum needed value is 2000. SIDs with RIDs larger than this
-			value cannot be mapped, are ignored and the corresponding map
-			is discarded. Choose this value carefully, as this should
-			not be changed after the first ranges for domains have been
-			defined, otherwise mappings between domains will get intermixed
-			leading to unpredictable results. Please note that RIDs in Windows
-			Domains usually start with 500 for builtin users and 1000
-			for regular users. As the parameter cannot be changed later, please
-			plan accordingly for your expected number of users in a domain
-			with safety margins.
+			Defines the number of uids/gids available per
+			domain range. The minimum needed value is 2000.
+			SIDs with RIDs larger than this value will be mapped
+			into extension ranges depending upon number of available
+			ranges. If the autorid backend runs out of available
+			ranges, mapping requests for new domains (or new
+			extension ranges for domains already known) are ignored
+			and the corresponding map is discarded.
+			</para>
+			<para>
+			Example: with rangesize set to 10000, users/groups with
+			a RID up to 10000 will be put into the first range for the
+			domain. When attempting to map the an object with a RID
+			of 25000, an extension range will be allocated that
+			will then be used to map all RIDs from 20000-29999.
 			</para>
 			<para>One range will be used for local users and groups and for
 			non-domain well-known SIDs like Everyone (S-1-1-0) or Creator Owner (S-1-3-0).
@@ -85,6 +89,7 @@
 		The Unix ID for a RID is calculated this way:
 		<programlisting>
 			ID = IDMAP UID LOW VALUE + DOMAINRANGENUMBER * RANGESIZE + RID
+			- (MULTIPLIER * RANGESIZE)
 		</programlisting>
 	</para>
 	<para>
@@ -92,15 +97,20 @@
 		given Unix ID is this:
 		<programlisting>
 			RID = ID - IDMAP UID LOW VALUE - DOMAINRANGENUMBER * RANGESIZE
+			+ (MULTIPLIER * RANGESIZE)
 		</programlisting>
 	</para>
+	<para>
+		MULTIPLIER is calculated as FLOOR(RID / RANGESIZE).
+	</para>
 </refsect1>
 
 <refsect1>
 	<title>EXAMPLES</title>
 	<para>
 		This example shows you the minimal configuration that will
-		work for the principial domain and 19 trusted domains.
+		work for the principial domain and 19 trusted domains / range
+		extensions.
 	</para>
 
 	<programlisting>
-- 
cgit