path: root/docs/smbdotconf/winbind/idmapbackend.xml
blob: e9cb07676a9eed3689218a631be2e6a6cdf31acc (plain)
<samba:parameter name="idmap backend"
                 context="G"
                 type="string"
                 advanced="1" developer="1" hide="1"
                 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
	<para>
	The idmap backend parameter lets idmap obtain SID to UID / GID mappings from a common
	LDAP backend instead of the local idmap tdb file. This way all domain members and
	controllers have the same UID and GID to SID mappings, which avoids the risk of
	UID / GID inconsistencies across UNIX / Linux systems that share information over
	protocols other than SMB/CIFS (e.g. NFS).
	</para>

	<para>
	An alternate method of SID to UID / GID mapping is the idmap_rid plug-in. This
	plug-in derives the UID and GID from the account RID by adding the RID to a
	specified base value. It requires that the parameter
	<quote>allow trusted domains = No</quote> be specified, as it is not compatible
	with multiple domain environments. The idmap uid and idmap gid ranges must also be
	specified.
	</para>

	<para>
	Finally, using the idmap_ad module, the UID and GID can be retrieved
	directly from an Active Directory LDAP server that supports an
	RFC2307 compliant LDAP schema. idmap_ad supports "Services for Unix"
	(SFU) version 2.x and 3.0.
	</para>

</description>

<value type="default"></value>
<value type="example">ldap:ldap://ldapslave.example.com</value>
<value type="example">idmap_rid:"BUILTIN=1000-1999,DOMNAME=2000-100000000"</value>
<value type="example">idmap_ad</value>
</samba:parameter>
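
The RID-plus-base derivation described for idmap_rid, as an added Python sketch that is not part of the Samba documentation or source. It assumes the base value is the low end of each domain's range in the option string; the function names and the sample SIDs are constructed for illustration.

```python
import re

# Added illustration, not Samba source. Assumption: the "base value" for a
# domain is the low end of its range in the idmap_rid option string.

def parse_rid_ranges(spec):
    """Parse 'DOM=low-high,DOM2=low-high' into {domain: (low, high)}."""
    ranges = {}
    for item in spec.strip().strip('"').split(","):
        m = re.fullmatch(r"\s*([^=\s]+)\s*=\s*(\d+)\s*-\s*(\d+)\s*", item)
        if not m:
            raise ValueError(f"malformed range entry: {item!r}")
        low, high = int(m.group(2)), int(m.group(3))
        if low > high:
            raise ValueError(f"empty range for {m.group(1)}")
        ranges[m.group(1)] = (low, high)
    # Overlapping ranges would let two domains produce the same UNIX ID.
    ordered = sorted(ranges.items(), key=lambda kv: kv[1])
    for (d1, (_, hi1)), (d2, (lo2, _)) in zip(ordered, ordered[1:]):
        if lo2 <= hi1:
            raise ValueError(f"ranges for {d1} and {d2} overlap")
    return ranges

def rid_of(sid):
    """Return the RID, the last sub-authority of a SID string."""
    parts = sid.split("-")
    if len(parts) < 4 or parts[0] != "S" or not parts[-1].isdigit():
        raise ValueError(f"not a SID with a RID: {sid!r}")
    return int(parts[-1])

def sid_to_unix_id(domain, sid, ranges):
    """Derive the UID/GID as base + RID; refuse IDs outside the range."""
    if domain not in ranges:
        raise KeyError(f"no range configured for domain {domain!r}")
    low, high = ranges[domain]
    unix_id = low + rid_of(sid)
    if unix_id > high:
        raise ValueError(f"{sid} maps to {unix_id}, above {high}")
    return unix_id

if __name__ == "__main__":
    # Range string taken from the example value above; the SID is constructed.
    ranges = parse_rid_ranges('"BUILTIN=1000-1999,DOMNAME=2000-100000000"')
    sid = "S-1-5-21-1004336348-1177238915-682003330-1104"
    print(sid_to_unix_id("DOMNAME", sid, ranges))
```

Because the result depends only on the SID and the configured range, every member using the same range string computes the same ID without a shared database; a range that is too small or that overlaps another is rejected instead of producing a colliding ID.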