svn commit: samba-docs r1074 - in trunk: manpages-3
smbdotconf/winbind
jerry at samba.org
jerry at samba.org
Wed Mar 21 20:22:13 GMT 2007
Author: jerry
Date: 2007-03-21 20:22:12 +0000 (Wed, 21 Mar 2007)
New Revision: 1074
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba-docs&rev=1074
Log:
more idmap doc updates
Modified:
trunk/manpages-3/idmap_ldap.8.xml
trunk/manpages-3/idmap_tdb.8.xml
trunk/smbdotconf/winbind/idmapbackend.xml
trunk/smbdotconf/winbind/idmapconfig.xml
trunk/smbdotconf/winbind/idmapdomains.xml
Changeset:
Modified: trunk/manpages-3/idmap_ldap.8.xml
===================================================================
--- trunk/manpages-3/idmap_ldap.8.xml 2007-03-21 19:38:36 UTC (rev 1073)
+++ trunk/manpages-3/idmap_ldap.8.xml 2007-03-21 20:22:12 UTC (rev 1074)
@@ -104,17 +104,17 @@
<programlisting>
[global]
- idmap domain = default
+ idmap domain = ALLDOMAINS
+ idmap config ALLDOMAINS:default = yes
+ idmap config ALLDOMAINS:backend = ldap
+ idmap config ALLDOMAINS:ldap_base_dn = ou=idmap,dc=example,dc=com
+ idmap config ALLDOMAINS:ldap_url = ldap://localhost/
+ idmap config default:range = 10000 - 50000
- idmap config default:backend = ldap
- idmap alloc backend:ldap_base_dn = ou=idmap,dc=example,dc=com
- idmap alloc backend:ldap_url = ldap://localhost/
- idmap config default:range = 10000 - 50000
-
idmap alloc backend = ldap
- idmap alloc backend:ldap_base_dn = ou=idmap,dc=example,dc=com
- idmap alloc backend:ldap_url = ldap://master.example.com/
- idmap alloc config:range = 10000 - 50000
+ idmap alloc config:ldap_base_dn = ou=idmap,dc=example,dc=com
+ idmap alloc config:ldap_url = ldap://master.example.com/
+ idmap alloc config:range = 10000 - 50000
</programlisting>
</refsect1>
Modified: trunk/manpages-3/idmap_tdb.8.xml
===================================================================
--- trunk/manpages-3/idmap_tdb.8.xml 2007-03-21 19:38:36 UTC (rev 1073)
+++ trunk/manpages-3/idmap_tdb.8.xml 2007-03-21 20:22:12 UTC (rev 1074)
@@ -66,11 +66,11 @@
<programlisting>
[global]
- idmap domain = default
+ idmap domain = ALLDOMAINS
+ idmap config ALLDOMAINS:default = yes
+ idmap config ALLDOMAINS:backend = tdb
+ idmap config ALLDOMAINS:range = 10000 - 50000
- idmap config default:backend = tdb
- idmap config default:range = 10000 - 50000
-
idmap alloc backend = tdb
idmap alloc config:range = 10000 - 50000
</programlisting>
Modified: trunk/smbdotconf/winbind/idmapbackend.xml
===================================================================
--- trunk/smbdotconf/winbind/idmapbackend.xml 2007-03-21 19:38:36 UTC (rev 1073)
+++ trunk/smbdotconf/winbind/idmapbackend.xml 2007-03-21 20:22:12 UTC (rev 1074)
@@ -24,7 +24,5 @@
</para>
</description>
-<value type="default"></value>
-<value type="example">ldap:ldap://ldapslave.example.com/</value>
-<value type="example">ad</value>
+<value type="default">tdb</value>
</samba:parameter>
Modified: trunk/smbdotconf/winbind/idmapconfig.xml
===================================================================
--- trunk/smbdotconf/winbind/idmapconfig.xml 2007-03-21 19:38:36 UTC (rev 1073)
+++ trunk/smbdotconf/winbind/idmapconfig.xml 2007-03-21 20:22:12 UTC (rev 1074)
@@ -8,24 +8,57 @@
The idmap config prefix provides a means of managing each domain
defined by the <smbconfoption name="idmap domains"/> option using Samba's
parameteric option support. The idmap config prefix should be
- followed by the name of the domain, a colon, and either the option
- name "backend" or a setting specific to the chosen
- backend.</para>
+ followed by the name of the domain, a colon, and a setting specific to
+ the chosen backend. There are three options available for all domains:
+ </para>
+ <variablelist>
+ <varlistentry>
+ <term>backend = backend_name</term>
+ <listitem><para>
+ Specifies the name of the idmap plugin to use as the
+ SID/uid/gid backend for this domain.
+ </para></listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>default = [yes|no]</term>
+ <listitem><para>
+ The default domain/backend will be used for searching for
+ users and groups not belonging to one of the explicitly
+ listed domains (matched by comparing the account SID and the
+ domain SID).
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>readonly = [yes|no]</term>
+ <listitem><para>
+ Mark the domain as readonly which means that no attempts to
+ allocate a uid or gid (by the <smbconfoption name="idmap alloc
+ backend"/>) for any user or group in that domain
+ will be attempted.
+ </para></listitem>
+ </varlistentry>
+ </variablelist>
+
<para>
The following example illustrates how to configure the <citerefentry>
<refentrytitle>idmap_ad</refentrytitle><manvolnum>8</manvolnum></citerefentry>
for the CORP domain and the <citerefentry><refentrytitle>idmap_tdb</refentrytitle>
- <manvolnum>8</manvolnum></citerefentry> backend for all other domains.
+ <manvolnum>8</manvolnum></citerefentry> backend for all other domains. The
+ TRUSTEDDOMAINS string is simply a key used to reference the "idmap
+ config" settings and does not represent the actual name of a domain.
</para>
<programlisting>
- idmap domains = CORP default
- idmap config CORP:backend = ad
- idmap config CORP:read_only = yes
- idmap config default:backend = tdb
- idmap config default:default = yes
- idmap config default:range = 1000 - 9999
+ idmap domains = CORP TRUSTEDDOMAINS
+
+ idmap config CORP:backend = ad
+ idmap config CORP:readonly = yes
+
+ idmap config TRUSTEDDOMAINS:backend = tdb
+ idmap config TRUSTEDDOMAINS:default = yes
+ idmap config TRUSTEDDOMAINS:range = 1000 - 9999
</programlisting>
</description>
Modified: trunk/smbdotconf/winbind/idmapdomains.xml
===================================================================
--- trunk/smbdotconf/winbind/idmapdomains.xml 2007-03-21 19:38:36 UTC (rev 1073)
+++ trunk/smbdotconf/winbind/idmapdomains.xml 2007-03-21 20:22:12 UTC (rev 1074)
@@ -12,9 +12,9 @@
</para>
<para>
- Values constist of the short domain name for Winbind's primary or collection
- of trusted domains. The keyword "default" is used to
- represent all domains not explicitly listed.
+ Values consist of the short domain name for Winbind's primary or collection
+ of trusted domains. You may also use an arbitrary string to represent a catchall
+ domain backend for any domain not explicitly listed.
</para>
<para>
More information about the samba-cvs
mailing list