<samba:parameter name="idmap backend"
                 context="G"
				 type="string"
                 advanced="1" developer="1" hide="1"
                 xmlns:samba="http://samba.org/common">
<description>
	<para>
	The purpose of the idmap backend parameter is to allow idmap to NOT use the local idmap
	tdb file to obtain SID to UID / GID mappings, but instead to obtain them from a common
	LDAP backend. This way all domain members and controllers will have the same UID and GID
	to SID mappings. This avoids the risk of UID / GID inconsistencies across UNIX / Linux
	systems that are sharing information over protocols other than SMB/CIFS (ie: NFS).
	</para>

	<para>
	An alternate method of SID to UID / GID  mapping can be achieved using the idmap_rid
	plug-in. This plug-in uses the account RID to derive the UID and GID by adding the
	RID to a base value specified. This utility requires that the parameter
	<quote>allow trusted domains = No</quote> must be specified, as it is not compatible
	with multiple domain environments. The idmap uid and idmap gid ranges must also be
	specified.
	</para>
</description>

<value type="default"></value>
<value type="example">ldap:ldap://ldapslave.example.com</value>
<value type="example">idmap_rid:DOMNAME=1000-100000000</value>
</samba:parameter>