svn commit: samba-docs r1081 - in trunk/manpages-3: .

idra at samba.org idra at samba.org
Wed Mar 21 21:23:17 GMT 2007 

Author: idra
Date: 2007-03-21 21:23:17 +0000 (Wed, 21 Mar 2007)
New Revision: 1081

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba-docs&rev=1081

Log:

man page for IDMAP_AD


Modified:
   trunk/manpages-3/idmap_ad.8.xml


Changeset:
Modified: trunk/manpages-3/idmap_ad.8.xml
===================================================================
--- trunk/manpages-3/idmap_ad.8.xml	2007-03-21 20:56:27 UTC (rev 1080)
+++ trunk/manpages-3/idmap_ad.8.xml	2007-03-21 21:23:17 UTC (rev 1081)
@@ -15,17 +15,53 @@
 
 <refsynopsisdiv>
 	<title>DESCRIPTION</title>
-	<para>TODO</para>
+	<para>The idmap_ad plugin provides a way for Winbind to read
+	id mappings from an AD server that uses RFC2307/SFU schema
+	extensions. This module implements only the &quot;idmap&quot;
+	API, and is READONLY. Mappings must be provided in advance
+	by the administrator by adding the posixAccount/posixGroup
+	classess and relative attribute/value pairs to the users and
+	groups objects in AD</para>
 </refsynopsisdiv>
 
 <refsect1>
 	<title>IDMAP OPTIONS</title>
-	<para>TODO</para>
+
+	<variablelist>
+		<varlistentry>
+		<term>range = low - high</term>
+		<listitem><para>
+			Defines the available matching uid and gid range for which the
+			backend is authoritative. Note that the range acts as a filter.
+			If specified any UID or GID stored in AD that fall outside the
+			range is ignored and the corresponding map is discarded.
+			It is intended as a way to avoid accidental UID/GID overlaps
+			between local and remotely defined IDs.
+		</para></listitem>
 </refsect1>
 
 <refsect1>
 	<title>EXAMPLES</title>
-	<para>TODO</para>
+	<para>
+	The following example shows how to retrieve idmappings from our principal and
+	and trusted AD domains. All is needed is to set default to yes. If trusted
+	domains are present id conflicts must be resolved beforehand, there is no
+	guarantee on the order confliting mappings would be resolved at this point.
+
+	This example also shows how to leave a small non conflicting range for local
+	id allocation that may be used in internal backends like BULTIN.
+	</para>
+
+	<programlisting>
+	[global]
+	idmap domain = ALLDOMAINS
+	idmap config ALLDOMAINS:backend      = ad
+	idmap config ALLDOMAINS:default      = yes
+	idmap config ALLDOMAINS:range        = 10000 - 300000000
+
+	idmap alloc backend = tdb
+	idmap alloc config:range        = 5000 - 9999
+	</programlisting>
 </refsect1>
 
 <refsect1>

More information about the samba-cvs mailing list