svn commit: samba-docs r1067 - in trunk/smbdotconf/winbind: .

jerry at samba.org jerry at samba.org
Wed Mar 21 15:10:59 GMT 2007


Author: jerry
Date: 2007-03-21 15:10:58 +0000 (Wed, 21 Mar 2007)
New Revision: 1067

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba-docs&rev=1067

Log:
man page updates for new idmap options (still a work in progress)
Added:
   trunk/smbdotconf/winbind/idmapconfig.xml
   trunk/smbdotconf/winbind/idmapdomains.xml
Modified:
   trunk/smbdotconf/winbind/idmapbackend.xml
   trunk/smbdotconf/winbind/winbindtrusteddomainsonly.xml


Changeset:
Modified: trunk/smbdotconf/winbind/idmapbackend.xml
===================================================================
--- trunk/smbdotconf/winbind/idmapbackend.xml	2007-03-20 13:05:44 UTC (rev 1066)
+++ trunk/smbdotconf/winbind/idmapbackend.xml	2007-03-21 15:10:58 UTC (rev 1067)
@@ -1,37 +1,30 @@
 <samba:parameter name="idmap backend"
                  context="G"
-				 type="string"
+		 type="string"
                  advanced="1" developer="1" hide="1"
                  xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
 <description>
 	<para>
-	The purpose of the idmap backend parameter is to allow idmap to NOT use the local idmap
-	tdb file to obtain SID to UID / GID mappings for unmapped SIDs, but instead to obtain them from a common
-	LDAP backend. This way all domain members and controllers will have the same UID and GID
-	to SID mappings. This avoids the risk of UID / GID inconsistencies across UNIX / Linux
-	systems that are sharing information over protocols other than SMB/CIFS (ie: NFS).
+	The idmap backend provides a plugin interface for Winbind to use
+	varying backends to store SID/uid/gid mapping tables.  This
+	option is mutually exclusive with the newer and more flexible
+	<smbconfoption name="idmap domains"/> parameter.  The main difference
+	between the &quot;idmap backend&quot; and the &quot;idmap domains&quot;
+	is that the former only allows on backend for all domains while the
+	latter supports configuring backends on a per domain basis.
 	</para>
 
+	<para>Examples of SID/uid/gid backends include tdb (<citerefentry>
+	<refentrytitle>idmap_tdb</refentrytitle><manvolnum>8</manvolnum></citerefentry>),
+	ldap (<citerefentry><refentrytitle>idmap_ldap</refentrytitle>
+	<manvolnum>8</manvolnum></citerefentry>), rid (<citerefentry>
+	<refentrytitle>idmap_rid</refentrytitle><manvolnum>8</manvolnum></citerefentry>),
+	and ad (<citerefentry><refentrytitle>idmap_tdb</refentrytitle>
+	<manvolnum>8</manvolnum></citerefentry>).
 	<para>
-	An alternate method of SID to UID / GID  mapping can be achieved using the rid
-	plug-in. This plug-in uses the account RID to derive the UID and GID by adding the
-	RID to a base value specified. This utility requires that the parameter
-	<quote>allow trusted domains = No</quote> must be specified, as it is not compatible
-	with multiple domain environments. The idmap uid and idmap gid ranges must also be
-	specified.
-	</para>
-
-	<para>
-	Finally, using the ad module, the UID and GID can directly
-	be retrieved from an Active Directory LDAP Server that supports an
-	RFC2307 compliant LDAP schema. ad supports "Services for Unix"
-	(SFU) version 2.x and 3.0.  
-	</para>
-
 </description>
 
 <value type="default"></value>
-<value type="example">ldap:ldap://ldapslave.example.com</value>
-<value type="example">rid:"BUILTIN=1000-1999,DOMNAME=2000-100000000"</value>
+<value type="example">ldap:ldap://ldapslave.example.com/</value>
 <value type="example">ad</value>
 </samba:parameter>
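
Review bot: The new paragraph that begins `<para>Examples of SID/uid/gid backends include tdb` is never closed. It ends at `<manvolnum>8</manvolnum></citerefentry>).` and is followed by the retained context line `<para>`, while both `</para>` lines that used to follow are among the removed lines. `<description>` therefore closes with two `<para>` elements still open and the file is not well-formed; the leftover `<para>` should become `</para>`. In the same paragraph the "ad" backend cites `idmap_tdb`, which looks like a copy-and-paste slip for `idmap_ad` (the page idmapconfig.xml refers to). In the first paragraph, "only allows on backend" should read "one backend".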

Added: trunk/smbdotconf/winbind/idmapconfig.xml
===================================================================
--- trunk/smbdotconf/winbind/idmapconfig.xml	2007-03-20 13:05:44 UTC (rev 1066)
+++ trunk/smbdotconf/winbind/idmapconfig.xml	2007-03-21 15:10:58 UTC (rev 1067)
@@ -0,0 +1,32 @@
+<samba:parameter name="idmap config"
+                 context="G"
+		 type="string"
+                 advanced="1" developer="1" hide="1"
+                 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+	<para>
+	The idmap config prefix provides a means of managing each domain 
+	defined by the <smbconfoption name="idmap domains"/> option using Samba's
+	parameteric option support.  The idmap config prefix should be 
+	followed by the name of the domain, a colon, and either the option
+	name &quot;backend&quot; or a setting specific to the chosen
+	backend.</para>
+
+	<para>
+	The following example illustrates how to configure the <citerefentry>
+	<refentrytitle>idmap_ad</refentrytitle><manvolnum>8</manvolnum></citerefentry> 
+	for the CORP domain and the <citerefentry><refentrytitle>idmap_tdb</refentrytitle>
+	<manvolnum>8</manvolnum></citerefentry> backend for all other domains.
+	</para>
+
+	<programlisting>
+	idmap domains = CORP default 
+	idmap config CORP:backend = ad
+	idmap config CORP:read_only = yes
+	idmap config default:backend = tdb
+	idmap config default:default = yes
+	idmap config default:range   = 1000 - 9999
+	</programlisting>
+	
+</description>
+</samba:parameter>
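
Review bot: The programlisting uses three backend-specific settings (`read_only`, `default` and `range`) that the description never explains, and the text does not say where they are documented. Since `range` is given for `default` but not for CORP, the description should state whether each domain needs its own range and how ranges of different domains relate, or point to the backend man pages for that. Smaller points: "parameteric" should be "parametric", "configure the idmap_ad for the CORP domain" is missing the word "backend", and unlike the other parameter files in this commit there is no `<value type="default">` element.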

Added: trunk/smbdotconf/winbind/idmapdomains.xml
===================================================================
--- trunk/smbdotconf/winbind/idmapdomains.xml	2007-03-20 13:05:44 UTC (rev 1066)
+++ trunk/smbdotconf/winbind/idmapdomains.xml	2007-03-21 15:10:58 UTC (rev 1067)
@@ -0,0 +1,27 @@
+<samba:parameter name="idmap domains"
+                 context="G"
+		 type="string"
+                 advanced="1" developer="1" hide="1"
+                 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+	<para>
+	The idmap domains option defines a list of Windows domains which will each
+	have a separately configured backend for managing Winbind's SID/uid/gid
+	tables.  This parameter is mutually exclusive with the older <smbconfoption 
+	name="idmap backend"/> option.
+	</para>
+
+	<para>
+	Values constist of the short domain name for Winbind's primary or collection
+	of trusted domains.  The keyword &quot;default&quot; is used to
+	represent all domains not explicitly listed.
+	</para>
+
+	<para>
+	Refer to the <smbconfoption name="idmap config"/> for details about
+	managing the SID/uid/gid backend for each domain.
+	</para>
+</description>
+
+<value type="example">default AD CORP</value>
+</samba:parameter>
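
Review bot: The second paragraph leaves the semantics of the list unclear: "the short domain name for Winbind's primary or collection of trusted domains" does not parse, and nothing says what happens to a domain that is neither listed nor covered by `default`. Suggest something like "Values consist of the short names of Winbind's primary domain and of its trusted domains", plus a sentence on the unlisted case. The example value `default AD CORP` puts `default` first while the idmapconfig.xml example writes `idmap domains = CORP default`, so it is worth saying whether order matters. "constist" is a typo, and there is no `<value type="default">` element.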

Modified: trunk/smbdotconf/winbind/winbindtrusteddomainsonly.xml
===================================================================
--- trunk/smbdotconf/winbind/winbindtrusteddomainsonly.xml	2007-03-20 13:05:44 UTC (rev 1066)
+++ trunk/smbdotconf/winbind/winbindtrusteddomainsonly.xml	2007-03-21 15:10:58 UTC (rev 1067)
@@ -1,15 +1,23 @@
 <samba:parameter name="winbind trusted domains only"
                  context="G"
-				 type="boolean"
+		 type="boolean"
                  advanced="1" developer="1"
                  xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
 <description>
 	<para>
-	This parameter is designed to allow Samba servers that are members of a Samba controlled domain to use
-	UNIX accounts distributed via NIS, rsync, or LDAP as the uid's for winbindd users in the hosts primary domain.
-	Therefore, the user <literal>DOMAIN\user1</literal> would be mapped to the account user1 in /etc/passwd
-	instead of allocating a new uid for him or her.
+	This parameter is designed to allow Samba servers that are members 
+	of a Samba controlled domain to use UNIX accounts distributed via NIS, 
+	rsync, or LDAP as the uid's for winbindd users in the hosts primary domain.
+	Therefore, the user <literal>DOMAIN\user1</literal> would be mapped to 
+	the account user1 in /etc/passwd instead of allocating a new uid for him or her.
 	</para>
+
+	<para>
+	This parameter is not deprecated in favor of the newer idmap_nss backend.
+	Refer to the <smbconfoption name="idmap domains"/> smb.conf option and
+	the <citerefentry><refentrytitle>idmap_nss</refentrytitle>
+	<manvolnum>8</manvolnum></citerefentry> man page for more information.
+	</para>
 </description>
 
 <value type="default">no</value>
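
Review bot: In the added paragraph, "This parameter is not deprecated in favor of the newer idmap_nss backend" contradicts itself and the next sentence, which sends the reader to `idmap domains` and `idmap_nss` as the replacement; "not" is presumably a typo for "now". As committed, the man page tells administrators the option is still current. While the first paragraph is being re-wrapped anyway, "the hosts primary domain" could be corrected to "the host's primary domain".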


