2007-03-21 23:48:00 +03:00
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<refentry id= "idmap_rid.8" >
<refmeta >
<refentrytitle > idmap_rid</refentrytitle>
<manvolnum > 8</manvolnum>
2008-04-07 00:26:45 +04:00
<refmiscinfo class= "source" > Samba</refmiscinfo>
<refmiscinfo class= "manual" > System Administration tools</refmiscinfo>
2009-09-08 17:39:57 +04:00
<refmiscinfo class= "version" > 3.6</refmiscinfo>
2007-03-21 23:48:00 +03:00
</refmeta>
<refnamediv >
<refname > idmap_rid</refname>
<refpurpose > Samba's idmap_rid Backend for Winbind</refpurpose>
</refnamediv>
<refsynopsisdiv >
<title > DESCRIPTION</title>
2007-03-22 00:45:10 +03:00
<para > The idmap_rid backend provides a way to use an algorithmic
mapping scheme to map UIDs/GIDs and SIDs. No database is required
in this case as the mapping is deterministic.</para>
2007-03-21 23:48:00 +03:00
</refsynopsisdiv>
<refsect1 >
<title > IDMAP OPTIONS</title>
2007-03-22 00:45:10 +03:00
<variablelist >
<varlistentry >
<term > range = low - high</term>
<listitem > <para >
Defines the available matching uid and gid range for which the
backend is authoritative. Note that the range acts as a filter.
If algorithmically determined UID or GID fall outside the
range, they are ignored and the corresponding map is discarded.
It is intended as a way to avoid accidental UID/GID overlaps
between local and remotely defined IDs.
</para> </listitem>
</varlistentry>
<varlistentry >
<term > base_rid = INTEGER</term>
<listitem > <para >
2009-02-17 10:51:39 +03:00
Defines the base integer used to build SIDs out of a UID or a GID,
and to rebase the UID or GID to be obtained from a SID.
This means SIDs with a RID less than the base rid are filtered.
The default is not to restrict the allowed rids at all,
i.e. a base_rid value of 0.
A good value for the base_rid can be 1000, since user
RIDs by default start at 1000 (512 hexadecimal).
2008-07-17 16:05:57 +04:00
</para>
<para >
Use of this parameter is deprecated.
2007-03-22 00:45:10 +03:00
</para> </listitem>
</varlistentry>
</variablelist>
2007-03-21 23:48:00 +03:00
</refsect1>
2009-02-17 10:51:39 +03:00
<refsect1 >
<title > THE MAPPING FORMULAS</title>
<para >
The Unix ID for a RID is calculated this way:
<programlisting >
ID = RID - BASE_RID + LOW_RANGE_ID.
</programlisting>
</para>
<para >
2009-05-26 16:16:10 +04:00
Correspondingly, the formula for calculating the RID for a
2009-02-17 10:51:39 +03:00
given Unix ID is this:
<programlisting >
RID = ID + BASE_RID - LOW_RANGE_ID.
</programlisting>
</para>
</refsect1>
2007-03-21 23:48:00 +03:00
<refsect1 >
<title > EXAMPLES</title>
2009-02-17 10:59:27 +03:00
<para >
This example shows how to configure two domains with idmap_rid,
the principal domain and a trusted domain, leaving the default
id mapping scheme at tdb. The example also demonstrates the use
of the base_rid parameter for the trusted domain.
</para>
2007-03-22 00:45:10 +03:00
<programlisting >
[global]
2009-02-17 10:59:27 +03:00
security = domain
workgroup = MAIN
2008-07-17 16:05:57 +04:00
idmap backend = tdb
idmap uid = 1000000-1999999
idmap gid = 1000000-1999999
2007-03-22 00:45:10 +03:00
2009-02-17 10:59:27 +03:00
idmap config MAIN : backend = rid
idmap config MAIN : range = 10000 - 49999
2008-07-17 16:05:57 +04:00
idmap config TRUSTED : backend = rid
idmap config TRUSTED : range = 50000 - 99999
2009-02-17 10:59:27 +03:00
idmap config TRUSTED : base_rid = 1000
2007-03-22 00:45:10 +03:00
</programlisting>
2007-03-21 23:48:00 +03:00
</refsect1>
<refsect1 >
<title > AUTHOR</title>
<para >
2007-08-21 02:47:12 +04:00
The original Samba software and related utilities
2007-03-21 23:48:00 +03:00
were created by Andrew Tridgell. Samba is now developed
2007-08-21 02:47:12 +04:00
by the Samba Team as an Open Source project similar
2007-03-21 23:48:00 +03:00
to the way the Linux kernel is developed.
2007-08-21 02:47:12 +04:00
</para>
2007-03-21 23:48:00 +03:00
</refsect1>
</refentry>
