diff options
Diffstat (limited to 'docs/htmldocs/manpages/idmap_ad.8.html')
| -rw-r--r-- | docs/htmldocs/manpages/idmap_ad.8.html | 26 |
1 files changed, 20 insertions, 6 deletions
diff --git a/docs/htmldocs/manpages/idmap_ad.8.html b/docs/htmldocs/manpages/idmap_ad.8.html index 574e7bf438..be73584d4e 100644 --- a/docs/htmldocs/manpages/idmap_ad.8.html +++ b/docs/htmldocs/manpages/idmap_ad.8.html @@ -4,7 +4,22 @@ API, and is READONLY. Mappings must be provided in advance by the administrator by adding the posixAccount/posixGroup classes and relative attribute/value pairs to the user and - group objects in the AD.</p></div><div class="refsect1" title="IDMAP OPTIONS"><a name="id266339"></a><h2>IDMAP OPTIONS</h2><div class="variablelist"><dl><dt><span class="term">range = low - high</span></dt><dd><p> + group objects in the AD.</p><p> + Note that the idmap_ad module has changed considerably since + Samba versions 3.0 and 3.2. + Currently, the <em class="parameter"><code>ad</code></em> backend + does not work as the the default idmap backend, but one has + to configure it separately for each domain for which one wants + to use it, using disjoint ranges. One usually needs to configure + a writeable default idmap range, using for example the + <em class="parameter"><code>tdb</code></em> or <em class="parameter"><code>ldap</code></em> + backend, in order to be able to map the BUILTIN sids and + possibly other trusted domains. The writeable default config + is also needed in order to be able to create group mappings. + This catch-all default idmap configuration should have a range + that is disjoint from any explicitly configured domain with + idmap backend <em class="parameter"><code>ad</code></em>. See the example below. + </p></div><div class="refsect1" title="IDMAP OPTIONS"><a name="id266828"></a><h2>IDMAP OPTIONS</h2><div class="variablelist"><dl><dt><span class="term">range = low - high</span></dt><dd><p> Defines the available matching UID and GID range for which the backend is authoritative. Note that the range acts as a filter. If specified any UID or GID stored in AD that fall outside the @@ -16,7 +31,7 @@ Active Directory regarding user and group information. This can be either the RFC2307 schema support included in Windows 2003 R2 or the Service for Unix (SFU) schema. - </p></dd></dl></div></div><div class="refsect1" title="EXAMPLES"><a name="id266832"></a><h2>EXAMPLES</h2><p> + </p></dd></dl></div></div><div class="refsect1" title="EXAMPLES"><a name="id266865"></a><h2>EXAMPLES</h2><p> The following example shows how to retrieve idmappings from our principal and trusted AD domains. If trusted domains are present id conflicts must be resolved beforehand, there is no @@ -26,13 +41,12 @@ id allocation that may be used in internal backends like BUILTIN. </p><pre class="programlisting"> [global] - idmap backend = tdb - idmap uid = 1000000-1999999 - idmap gid = 1000000-1999999 + idmap config * : backend = tdb + idmap config * : range = 1000000-1999999 idmap config CORP : backend = ad idmap config CORP : range = 1000-999999 - </pre></div><div class="refsect1" title="AUTHOR"><a name="id266852"></a><h2>AUTHOR</h2><p> + </pre></div><div class="refsect1" title="AUTHOR"><a name="id266885"></a><h2>AUTHOR</h2><p> The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar |