diff options
Diffstat (limited to 'docs/manpages/idmap_ad.8')
| -rw-r--r-- | docs/manpages/idmap_ad.8 | 20 |
1 files changed, 14 insertions, 6 deletions
diff --git a/docs/manpages/idmap_ad.8 b/docs/manpages/idmap_ad.8 index 7a67bad04e..ee7b8d4ee0 100644 --- a/docs/manpages/idmap_ad.8 +++ b/docs/manpages/idmap_ad.8 @@ -2,12 +2,12 @@ .\" Title: idmap_ad .\" Author: [see the "AUTHOR" section] .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/> -.\" Date: 08/02/2011 +.\" Date: 01/22/2012 .\" Manual: System Administration tools -.\" Source: Samba 3.5 +.\" Source: Samba 3.6 .\" Language: English .\" -.TH "IDMAP_AD" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools" +.TH "IDMAP_AD" "8" "01/22/2012" "Samba 3\&.6" "System Administration tools" .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- @@ -23,6 +23,15 @@ idmap_ad \- Samba\'s idmap_ad Backend for Winbind .SH "DESCRIPTION" .PP The idmap_ad plugin provides a way for Winbind to read id mappings from an AD server that uses RFC2307/SFU schema extensions\&. This module implements only the "idmap" API, and is READONLY\&. Mappings must be provided in advance by the administrator by adding the posixAccount/posixGroup classes and relative attribute/value pairs to the user and group objects in the AD\&. +.PP +Note that the idmap_ad module has changed considerably since Samba versions 3\&.0 and 3\&.2\&. Currently, the +\fIad\fR +backend does not work as the the default idmap backend, but one has to configure it separately for each domain for which one wants to use it, using disjoint ranges\&. One usually needs to configure a writeable default idmap range, using for example the +\fItdb\fR +or +\fIldap\fR +backend, in order to be able to map the BUILTIN sids and possibly other trusted domains\&. The writeable default config is also needed in order to be able to create group mappings\&. This catch\-all default idmap configuration should have a range that is disjoint from any explicitly configured domain with idmap backend +\fIad\fR\&. See the example below\&. .SH "IDMAP OPTIONS" .PP range = low \- high @@ -43,9 +52,8 @@ The following example shows how to retrieve idmappings from our principal and tr .\} .nf [global] - idmap backend = tdb - idmap uid = 1000000\-1999999 - idmap gid = 1000000\-1999999 + idmap config * : backend = tdb + idmap config * : range = 1000000\-1999999 idmap config CORP : backend = ad idmap config CORP : range = 1000\-999999 |