idmap_nss: Add a parameter to use UPNs instead of plain names

idmap config <DOMAIN> : backend = nss
idmap config <DOMAIN> : use_upn = yes|no

When translating a Unix ID to a SID the module calls get[pwu|grg]id() but the
name returned by some NSS modules might be a UPN instead of a plain name. If
the new parameter is enabled the returned name will be parsed and correctly
handled.

On the other hand, when translating a SID to a Unix ID the module first
resolves the SID to a domain + name, and then calls get[pw|gr]name() with the
plain name, or the UPN if the new parameter is enabled.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>

docs-xml/manpages/idmap_nss.8.xml

@@ -42,6 +42,25 @@
 			remotely defined IDs.
 		</para></listitem>
 		</varlistentry>
+
+		<varlistentry>
+		<term>use_upn = &lt;yes | no&gt;</term>
+		<listitem>
+		<para>
+			Some NSS modules can return and handle UPNs and/or down-level
+			logon names (e.g., DOMAIN\user or user@REALM).
+		</para>
+		<para>
+			If this parameter is enabled the returned names from NSS will be
+			parsed and the resulting namespace will be used as the authoritative
+			namespace instead of the IDMAP domain name. Also, down-level logon
+			names will be sent to NSS instead of the plain username to give NSS
+			modules a hint about the user's correct domain.
+		</para>
+		<para>Default: no</para>
+		</listitem>
+		</varlistentry>
+
 	</variablelist>
 </refsect1>
 
@@ -76,4 +95,4 @@
 	</para>
 </refsect1>
 
-</refentry>
+</refentry>