<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<refentry id= "idmap_ad.8" >
<refmeta >
<refentrytitle > idmap_ad</refentrytitle>
<manvolnum > 8</manvolnum>
<refmiscinfo class= "source" > Samba</refmiscinfo>
<refmiscinfo class= "manual" > System Administration tools</refmiscinfo>
<refmiscinfo class= "version" > 3.6</refmiscinfo>
</refmeta>
<refnamediv >
<refname > idmap_ad</refname>
<refpurpose > Samba's idmap_ad Backend for Winbind</refpurpose>
</refnamediv>
<refsynopsisdiv >
<title > DESCRIPTION</title>
<para > The idmap_ad plugin provides a way for Winbind to read
id mappings from an AD server that uses RFC2307/SFU schema
extensions. This module implements only the "idmap"
API, and is READONLY. Mappings must be provided in advance
by the administrator by adding the posixAccount/posixGroup
classes and related attribute/value pairs to the user and
group objects in the AD.</para>
</refsynopsisdiv>
<refsect1 >
<title > IDMAP OPTIONS</title>
<variablelist >
<varlistentry >
<term > range = low - high</term>
<listitem > <para >
Defines the available matching UID and GID range for which the
backend is authoritative. Note that the range acts as a filter.
If specified, any UID or GID stored in AD that falls outside the
range is ignored and the corresponding mapping is discarded.
It is intended as a way to avoid accidental UID/GID overlaps
between local and remotely defined IDs.
</para> </listitem>
</varlistentry>
<varlistentry >
<term > schema_mode = &lt;rfc2307 | sfu&gt;</term>
<listitem > <para >
Defines the schema that idmap_ad should use when querying
Active Directory for user and group information.
This can be either the RFC2307 schema support included
in Windows 2003 R2 or the Services for Unix (SFU) schema.
</para> </listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 >
<title > EXAMPLES</title>
<para >
The following example shows how to retrieve idmappings from our principal and
trusted AD domains. If trusted domains are present, id conflicts must be
resolved beforehand; there is no guarantee on the order in which
conflicting mappings would be resolved at this point.
This example also shows how to leave a small non-conflicting range for local
id allocation that may be used in internal backends like BUILTIN.
2007-03-21 21:23:17 +00:00
</para>
<programlisting >
[global]
idmap backend = tdb
idmap uid = 1000000-1999999
idmap gid = 1000000-1999999

idmap config CORP : backend = ad
idmap config CORP : range = 1000-999999
</programlisting>
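<para>
The range filter and the overlap concern described above, as an added example
that is not part of the Samba manual page or Samba's code: a Python check that
parses the idmap ranges from smb.conf text, reports ranges that overlap, and
models which AD-stored IDs the filter keeps. The TRUSTED domain, its range and
all function names are assumptions made for illustration.
</para>
<programlisting>
```python
import re

# Matches "idmap uid|gid = lo-hi" and "idmap config DOMAIN : range = lo-hi".
LINE = re.compile(
    r"^\s*idmap\s+(?:(uid|gid)|config\s+(\S+)\s*:\s*range)"
    r"\s*=\s*(\d+)\s*-\s*(\d+)\s*$", re.IGNORECASE)

# The configuration from the EXAMPLES section above.
PAGE_CONF = """
[global]
idmap backend = tdb
idmap uid = 1000000-1999999
idmap gid = 1000000-1999999
idmap config CORP : backend = ad
idmap config CORP : range = 1000-999999
"""
# Constructed misconfiguration: TRUSTED is a hypothetical second domain.
BAD_CONF = PAGE_CONF + "idmap config TRUSTED : range = 900000-1099999\n"

def parse_ranges(conf_text):
    """Return {owner: (low, high)}; owner is a domain or 'default uid'/'default gid'."""
    ranges = {}
    for line in conf_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        low, high = int(m.group(3)), int(m.group(4))
        if low > high:
            raise ValueError("inverted range: " + line.strip())
        ranges[m.group(2) or "default " + m.group(1).lower()] = (low, high)
    return ranges

def overlaps(ranges):
    """Return pairs of owners whose ranges share at least one ID."""
    names, found = sorted(ranges), []
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if a.startswith("default ") and b.startswith("default "):
                continue  # uid and gid are separate number spaces
            (alo, ahi), (blo, bhi) = ranges[a], ranges[b]
            if min(ahi, bhi) >= max(alo, blo):
                found.append((a, b))
    return found

def in_range(ranges, domain, posix_id):
    """Model of the documented filter: an ID outside the range is ignored."""
    low, high = ranges[domain]
    return posix_id in range(low, high + 1)

if __name__ == "__main__":
    print(overlaps(parse_ranges(PAGE_CONF)), overlaps(parse_ranges(BAD_CONF)))
    print(in_range(parse_ranges(PAGE_CONF), "CORP", 500))
```
</programlisting>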
</refsect1>
<refsect1 >
<title > AUTHOR</title>
<para >
The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.
</para>
</refsect1>
</refentry>