[SCM] Samba Shared Repository - branch v3-6-test updated

Michael Adam obnox at samba.org
Tue Dec 7 13:23:51 MST 2010


The branch, v3-6-test has been updated
       via  329d865 docs: clarify the idmap_rid manpage (bug #7788)
       via  18cd0fe docs: clarify the idmap_ad manpage (bug #6322)
      from  f7073e9 Make sure that user exists after running add user script before adding sam account.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test


- Log -----------------------------------------------------------------
commit 329d865e326673dd534456189b1b52ed052ace62
Author: Michael Adam <obnox at samba.org>
Date:   Tue Dec 7 17:30:27 2010 +0100

    docs: clarify the idmap_rid manpage (bug #7788)
    
    The idmap_rid module should not be used as a default backend.
    Also mention that the old snytax "idmap backend = rid:domain=range ..."
    is not supported any more.
    
    Autobuild-User: Michael Adam <obnox at samba.org>
    Autobuild-Date: Tue Dec  7 19:07:57 CET 2010 on sn-devel-104
    (cherry picked from commit a52a587783e058f75815fa8add1f46b1c1d6f2d3)

commit 18cd0fe87277e08d4fbcf59be7b5ccba225f6750
Author: Michael Adam <obnox at samba.org>
Date:   Tue Dec 7 15:47:52 2010 +0100

    docs: clarify the idmap_ad manpage (bug #6322)
    
    The idmap_ad module can not be used as a default backend.
    (cherry picked from commit 91d9cb48a5224c7dc443747505f9dd1071f822ed)

-----------------------------------------------------------------------

Summary of changes:
 docs-xml/manpages-3/idmap_ad.8.xml  |   17 +++++++++++++++++
 docs-xml/manpages-3/idmap_rid.8.xml |   18 ++++++++++++++++++
 2 files changed, 35 insertions(+), 0 deletions(-)


Changeset truncated at 500 lines:

diff --git a/docs-xml/manpages-3/idmap_ad.8.xml b/docs-xml/manpages-3/idmap_ad.8.xml
index 9b445df..3ecb07e 100644
--- a/docs-xml/manpages-3/idmap_ad.8.xml
+++ b/docs-xml/manpages-3/idmap_ad.8.xml
@@ -25,6 +25,23 @@
 	by the administrator by adding the posixAccount/posixGroup
 	classes and relative attribute/value pairs to the user and
 	group objects in the AD.</para>
+
+	<para>
+	Note that the idmap_ad module has changed considerably since
+	Samba versions 3.0 and 3.2.
+	Currently, the <parameter>ad</parameter> backend
+	does not work as the the default idmap backend, but one has
+	to configure it separately for each domain for which one wants
+	to use it, using disjoint ranges. One usually needs to configure
+	a writeable default idmap range, using for example the
+	<parameter>tdb</parameter> or <parameter>ldap</parameter>)
+	backend, in order to be able to map the BUILTIN sids and
+	possibly other trusted domains. The writeable default config
+	is also needed in order to be able to create group mappings.
+	This catch-all default idmap configuration should have a range
+	that is disjoint from any explicitly configured domain with
+	idmap backend <parameter>ad</parameter>. See the example below.
+	</para>
 </refsynopsisdiv>
 
 <refsect1>
diff --git a/docs-xml/manpages-3/idmap_rid.8.xml b/docs-xml/manpages-3/idmap_rid.8.xml
index 33200b8..a2a1c58 100644
--- a/docs-xml/manpages-3/idmap_rid.8.xml
+++ b/docs-xml/manpages-3/idmap_rid.8.xml
@@ -21,6 +21,24 @@
 	<para>The idmap_rid backend provides a way to use an algorithmic
 	mapping scheme to map UIDs/GIDs and SIDs. No database is required
 	in this case as the mapping is deterministic.</para>
+
+	<para>
+	Note that the idmap_rid module has changed considerably since Samba
+	versions 3.0. and 3.2.
+	Currently, there should to be an explicit idmap configuration for each
+	domain that should use the idmap_rid backend, using disjoint ranges.
+	One usually needs to define a writeable default idmap range, using
+	a backent like <parameter>tdb</parameter> or <parameter>ldap</parameter>
+	that can create unix ids, in order to be able to map the BUILTIN sids
+	and other domains, and also in order to be able to create group mappings.
+	See the example below.
+	</para>
+
+	<para>
+	Note that the old syntax
+	<parameter>idmap backend = rid:"DOM1=range DOM2=range2 ..."</parameter>
+	is not supported any more since Samba version 3.0.25.
+	</para>
 </refsynopsisdiv>
 
 <refsect1>


-- 
Samba Shared Repository


More information about the samba-cvs mailing list