author | vorlon <vorlon@alioth.debian.org> | 2007-11-21 17:44:34 +0000 |
---|---|---|
committer | vorlon <vorlon@alioth.debian.org> | 2007-11-21 17:44:34 +0000 |
commit | 951fa9619c10959654b4f7d69c08722f1e76db71 (patch) | |
tree | 38907f3881253efb6119e4ac316f59548d9539e7 /docs/htmldocs/manpages/idmap_ldap.8.html | |
parent | 6e61533d519c58d0a6360e20d42102b61dd0ddcb (diff) | |
download | samba-951fa9619c10959654b4f7d69c08722f1e76db71.tar.gz |
merge upstream 3.0.27a into svn
git-svn-id: svn://svn.debian.org/svn/pkg-samba/trunk/samba@1586 fc4039ab-9d04-0410-8cac-899223bdd6b0
Diffstat (limited to 'docs/htmldocs/manpages/idmap_ldap.8.html')
-rw-r--r-- | docs/htmldocs/manpages/idmap_ldap.8.html | 69 |
1 files changed, 69 insertions, 0 deletions
diff --git a/docs/htmldocs/manpages/idmap_ldap.8.html b/docs/htmldocs/manpages/idmap_ldap.8.html new file mode 100644 index 0000000000..35d86eb9b8 --- /dev/null +++ b/docs/htmldocs/manpages/idmap_ldap.8.html 
@@ -0,0 +1,69 @@ +<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>idmap_ldap</title><link rel="stylesheet" href="samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.71.0"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"><a name="idmap_ldap.8"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>idmap_ldap — Samba's idmap_ldap Backend for Winbind</p></div><div class="refsynopsisdiv"><h2>DESCRIPTION</h2><p>The idmap_ldap plugin provides a means for Winbind to + store and retrieve SID/uid/gid mapping tables in an LDAP directory + service. The module implements both the "idmap" and + "idmap alloc" APIs. + </p></div><div class="refsect1" lang="en"><a name="id291818"></a><h2>IDMAP OPTIONS</h2><div class="variablelist"><dl><dt><span class="term">ldap_base_dn = DN</span></dt><dd><p> + Defines the directory base suffix to use when searching for + SID/uid/gid mapping entries. If not defined, idmap_ldap will default + to using the "ldap idmap suffix" option from smb.conf. + </p></dd><dt><span class="term">ldap_user_dn = DN</span></dt><dd><p> + Defines the user DN to be used for authentication. If absent an + anonymous bind will be performed. + </p></dd><dt><span class="term">ldap_url = ldap://server/</span></dt><dd><p> + Specifies the LDAP server to use when searching for existing + SID/uid/gid map entries. If not defined, idmap_ldap will + assume that ldap://localhost/ should be used. + </p></dd><dt><span class="term">range = low - high</span></dt><dd><p> + Defines the available matching uid and gid range for which the + backend is authoritative. Note that the range commonly matches + the allocation range due to the fact that the same backend will + store and retrieve SID/uid/gid mapping entries. If the parameter + is absent, Winbind fail over to use the "idmap uid" and + "idmap gid" options from smb.conf. 
+ </p></dd></dl></div></div><div class="refsect1" lang="en"><a name="id259565"></a><h2>IDMAP ALLOC OPTIONS</h2><div class="variablelist"><dl><dt><span class="term">ldap_base_dn = DN</span></dt><dd><p> + Defines the directory base suffix under which new SID/uid/gid mapping + entries should be stored. If not defined, idmap_ldap will default + to using the "ldap idmap suffix" option from smb.conf. + </p></dd><dt><span class="term">ldap_user_dn = DN</span></dt><dd><p> + Defines the user DN to be used for authentication. If absent an + anonymous bind will be performed. + </p></dd><dt><span class="term">ldap_url = ldap://server/</span></dt><dd><p> + Specifies the LDAP server to which modify/add/delete requests should + be sent. If not defined, idmap_ldap will assume that ldap://localhost/ + should be used. + </p></dd><dt><span class="term">range = low - high</span></dt><dd><p> + Defines the available matching uid and gid range from which + winbindd can allocate for users and groups. If the parameter + is absent, Winbind fail over to use the "idmap uid" + and "idmap gid" options from smb.conf. + </p></dd></dl></div></div><div class="refsect1" lang="en"><a name="id259376"></a><h2>EXAMPLES</h2><p> + The follow sets of a LDAP configuration which uses a slave server + running on localhost for fast fetching SID/gid/uid mappings, it + implies correct configuration of referrals. + The idmap alloc backend is pointed directly to the master to skip + the referral (and consequent reconnection to the master) that the + slave would return as allocation requires writing on the master. 
+ </p><pre class="programlisting"> + [global] + idmap domains = ALLDOMAINS + idmap config ALLDOMAINS:default = yes + idmap config ALLDOMAINS:backend = ldap + idmap config ALLDOMAINS:ldap_base_dn = ou=idmap,dc=example,dc=com + idmap config ALLDOMAINS:ldap_url = ldap://localhost/ + idmap config ALLDOMAINS:range = 10000 - 50000 + + idmap alloc backend = ldap + idmap alloc config:ldap_base_dn = ou=idmap,dc=example,dc=com + idmap alloc config:ldap_url = ldap://master.example.com/ + idmap alloc config:range = 10000 - 50000 + </pre></div><div class="refsynopsisdiv"><h2>NOTE</h2><p>In order to use authentication against ldap servers you may + need to provide a DN and a password. To avoid exposing the password + in plain text in the configuration file we store it into a security + store. The "net idmap " command is used to store a secret + for the DN specified in a specific idmap domain. + </p></div><div class="refsect1" lang="en"><a name="id259411"></a><h2>AUTHOR</h2><p> + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + </p></div></div></body></html> |
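Review bot: In the EXAMPLES section, the `idmap alloc config` lines set no `ldap_user_dn`, although the paragraph above them says allocation requires writing on the master and the option's own description says "If absent an anonymous bind will be performed". As written, the example therefore sends its modify/add/delete requests to ldap://master.example.com/ over an anonymous bind. Add an `idmap alloc config:ldap_user_dn = ...` line to the example and refer the reader to the NOTE section for storing that DN's secret. In that NOTE, the phrase `The "net idmap " command` has lost its subcommand, so the page never says which command stores the secret. That gap and the wording slips ("The follow sets of a LDAP configuration", "Winbind fail over to use") are best fixed in the DocBook source this HTML is generated from rather than in the generated file.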