From c3057f69a274f0d8e0e66183bd5e8be7703b6750 Mon Sep 17 00:00:00 2001 From: Björn Jacke Date: Wed, 15 May 2013 15:52:25 +0200 Subject: docs: mention AD prerequirements for using idmap_ad Reviewed-by: Stefan Metzmacher --- docs-xml/manpages/idmap_ad.8.xml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'docs-xml/manpages') diff --git a/docs-xml/manpages/idmap_ad.8.xml b/docs-xml/manpages/idmap_ad.8.xml index 2ae7fc8c51..0e33b772bb 100644 --- a/docs-xml/manpages/idmap_ad.8.xml +++ b/docs-xml/manpages/idmap_ad.8.xml @@ -22,9 +22,12 @@ id mappings from an AD server that uses RFC2307/SFU schema extensions. This module implements only the "idmap" API, and is READONLY. Mappings must be provided in advance - by the administrator by adding the posixAccount/posixGroup - classes and relative attribute/value pairs to the user and - group objects in the AD. + by the administrator by adding the uidNumber attributes for + users and gidNumber attributes for groups in the AD. Winbind + will only map users that have a uidNumber and whose primary + group have a gidNumber attribute set. It is however + recommended that all groups in use have gidNumber attributes + assigned, otherwise they are not working. Currently, the ad backend -- cgit