[SCM] Samba Shared Repository - branch v3-6-test updated
Karolin Seeger
kseeger at samba.org
Sun Jun 5 12:15:51 MDT 2011
The branch, v3-6-test has been updated
via 36c9a94 s3:doc: update the ldap_user_dn documentation in the idmap_ldap manpage
via ed54e2a idmap_ldap.8: Add example with readonly backend
via 2c3a745 s3:doc: clean up the example section of the idmap_tdb manpage
via e1709a6 winbindd.8: Use new idmap syntax for smbconfoptions
via 16369ac s3:doc: document "idmap gid" as deprecated.
via b3ae1c3 s3:doc: document "idmap uid" as deprecated.
via f15abb1 s3:doc: remove the documentation of "idmap alloc backend", which has been removed
via 3c8a743 s3:doc: document "idmap backend" as deprecated.
via 5ea21ca s3:doc: update documentation of the "idmap config FOO : BAR" familiy of parameters
via 6a7bcff winbindd.8: Fix typo
via 8bc2980 idmap_tdb.8: Remove reference to idmap uid and idmap gid options as fallback
via 1ec7b0d idmap_tdb.8: Remove references to alloc backend
via c867ebb idmap_tdb.8: Use new idmap syntax in examples
via 40fbab5 idmap_ldap.8: Remove reference to idmap uid and idmap gid options as fallback
via 5e76967 idmap_ldap.8: Backend is not only used for searching
via a1eb060 idmap_ldap.8: Remove references to idmap alloc backend
via 9ea550b idmap_ldap.8: Rework example to use new idmap syntax
via 7b3df5e idmap_tdb2.8: Remove mentioning of deprecated idmap uid and idmap gid options as fallback
via f5bfc20 idmap_tdb2.8: Avoid confusion with idmap uid and idmap gid options
via 811a8c8 idmap_tdb2.8: Remove part about alloc backend
via 838e0db idmap_tdb2.8: Use new syntax in example
via ac72323 winbindd.8: Use new syntax in example
via 3fbfc96 wbinfo.1: Avoid confusion with idmap uid option
via b21c3ca idmap_autorid.8: Avoid confusion with idmap uid and idmap gid options
via 4e842a3 idmap_autorid.8: Use new syntax in autorid backend examples
via f8e75b4 idmap_rid.8: Use new syntax in rid backend example
via 6716667 idmap_nss.8: Use new syntax for nss backend
via b5e64725 idmap_hash.8: Use new syntax for hash backend
via 28eb61a idmap_adex.8: Use new syntax in adex backend example
via 3bf807f idmap_ad.8: use new syntax in ad backend example
from 65a59d6 replace: remove waring if IOV_MAX is not defined
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test
- Log -----------------------------------------------------------------
commit 36c9a94bc132e738d68e40288b213a895b835e6b
Author: Michael Adam <obnox at samba.org>
Date: Wed Jun 1 01:19:50 2011 +0200
s3:doc: update the ldap_user_dn documentation in the idmap_ldap manpage
also extend the example with ldap_user_dn.
Autobuild-User: Michael Adam <obnox at samba.org>
Autobuild-Date: Wed Jun 1 02:53:32 CEST 2011 on sn-devel-104
commit ed54e2a35234e3519fcc7d0a4587e39ceff36f6a
Author: Luk Claes <luk at debian.org>
Date: Tue May 31 23:28:57 2011 +0200
idmap_ldap.8: Add example with readonly backend
Signed-off-by: Luk Claes <luk at debian.org>
Signed-off-by: Michael Adam <obnox at samba.org>
commit 2c3a74542b81829c919ff70838edd070c65657d9
Author: Michael Adam <obnox at samba.org>
Date: Tue May 31 18:09:14 2011 +0200
s3:doc: clean up the example section of the idmap_tdb manpage
Autobuild-User: Michael Adam <obnox at samba.org>
Autobuild-Date: Tue May 31 19:47:45 CEST 2011 on sn-devel-104
commit e1709a664872a658e121bae673ab858753a157bf
Author: Luk Claes <luk at debian.org>
Date: Tue May 31 17:21:09 2011 +0200
winbindd.8: Use new idmap syntax for smbconfoptions
Signed-off-by: Luk Claes <luk at debian.org>
Signed-off-by: Michael Adam <obnox at samba.org>
commit 16369ac9d84d9abd349bbf777ab6394b7b3ea942
Author: Michael Adam <obnox at samba.org>
Date: Tue May 31 10:29:37 2011 +0200
s3:doc: document "idmap gid" as deprecated.
Autobuild-User: Michael Adam <obnox at samba.org>
Autobuild-Date: Tue May 31 11:39:38 CEST 2011 on sn-devel-104
commit b3ae1c3694d576ecb414290be759f3f5a9eac5d4
Author: Michael Adam <obnox at samba.org>
Date: Tue May 31 10:29:08 2011 +0200
s3:doc: document "idmap uid" as deprecated.
commit f15abb1a16329460cab64d9708caac1a67cb5988
Author: Michael Adam <obnox at samba.org>
Date: Tue May 31 10:08:44 2011 +0200
s3:doc: remove the documentation of "idmap alloc backend", which has been removed
commit 3c8a743a875db9d68d12cd6d4175f2217f4ecd8b
Author: Michael Adam <obnox at samba.org>
Date: Tue May 31 10:07:59 2011 +0200
s3:doc: document "idmap backend" as deprecated.
commit 5ea21cadfa1b895a8fdf9310184daa651c4c6c03
Author: Michael Adam <obnox at samba.org>
Date: Tue May 31 10:03:18 2011 +0200
s3:doc: update documentation of the "idmap config FOO : BAR" familiy of parameters
commit 6a7bcff808e75099771ee0409c4e2457b05e30a5
Author: Luk Claes <luk at debian.org>
Date: Tue May 31 00:26:39 2011 +0200
winbindd.8: Fix typo
Signed-off-by: Luk Claes <luk at debian.org>
Signed-off-by: Michael Adam <obnox at samba.org>
Autobuild-User: Michael Adam <obnox at samba.org>
Autobuild-Date: Tue May 31 02:56:52 CEST 2011 on sn-devel-104
commit 8bc2980ad18f1e0a51b3b496e40f46c756513885
Author: Luk Claes <luk at debian.org>
Date: Tue May 31 00:26:38 2011 +0200
idmap_tdb.8: Remove reference to idmap uid and idmap gid options as fallback
Signed-off-by: Luk Claes <luk at debian.org>
Signed-off-by: Michael Adam <obnox at samba.org>
commit 1ec7b0df60769b39ed0fd4be558abbb679dfe504
Author: Luk Claes <luk at debian.org>
Date: Tue May 31 00:26:37 2011 +0200
idmap_tdb.8: Remove references to alloc backend
Signed-off-by: Luk Claes <luk at debian.org>
Signed-off-by: Michael Adam <obnox at samba.org>
commit c867ebb7b70ab886ff740fc3826b2801beaf8718
Author: Luk Claes <luk at debian.org>
Date: Tue May 31 00:26:36 2011 +0200
idmap_tdb.8: Use new idmap syntax in examples
Signed-off-by: Luk Claes <luk at debian.org>
Signed-off-by: Michael Adam <obnox at samba.org>
commit 40fbab5b48089390a61e7c8432f41c83daf7cd8d
Author: Luk Claes <luk at debian.org>
Date: Tue May 31 00:26:35 2011 +0200
idmap_ldap.8: Remove reference to idmap uid and idmap gid options as fallback
Signed-off-by: Luk Claes <luk at debian.org>
Signed-off-by: Michael Adam <obnox at samba.org>
commit 5e76967221a7281187aee534c662bf4eeb3ab338
Author: Luk Claes <luk at debian.org>
Date: Tue May 31 00:26:34 2011 +0200
idmap_ldap.8: Backend is not only used for searching
Signed-off-by: Luk Claes <luk at debian.org>
Signed-off-by: Michael Adam <obnox at samba.org>
commit a1eb060670be257c2bc76f1033036a8aef27d070
Author: Luk Claes <luk at debian.org>
Date: Tue May 31 00:26:33 2011 +0200
idmap_ldap.8: Remove references to idmap alloc backend
Signed-off-by: Luk Claes <luk at debian.org>
Signed-off-by: Michael Adam <obnox at samba.org>
commit 9ea550bf905e39ca47b8ca2bb56d34a368c04b65
Author: Luk Claes <luk at debian.org>
Date: Tue May 31 00:26:32 2011 +0200
idmap_ldap.8: Rework example to use new idmap syntax
Signed-off-by: Luk Claes <luk at debian.org>
Signed-off-by: Michael Adam <obnox at samba.org>
commit 7b3df5ebd08312b9c20cc4c6e9232d4b569219d1
Author: Luk Claes <luk at debian.org>
Date: Tue May 31 00:26:31 2011 +0200
idmap_tdb2.8: Remove mentioning of deprecated idmap uid and idmap gid options as fallback
Signed-off-by: Luk Claes <luk at debian.org>
Signed-off-by: Michael Adam <obnox at samba.org>
commit f5bfc2078ea4a1ead53856661390d32d3d4b6754
Author: Luk Claes <luk at debian.org>
Date: Tue May 31 00:26:30 2011 +0200
idmap_tdb2.8: Avoid confusion with idmap uid and idmap gid options
Signed-off-by: Luk Claes <luk at debian.org>
Signed-off-by: Michael Adam <obnox at samba.org>
commit 811a8c86cb16b9271bfe7441c8d53803b97fb5a3
Author: Luk Claes <luk at debian.org>
Date: Tue May 31 00:26:29 2011 +0200
idmap_tdb2.8: Remove part about alloc backend
Signed-off-by: Luk Claes <luk at debian.org>
Signed-off-by: Michael Adam <obnox at samba.org>
commit 838e0db43be446dbe72a527b87cde42aa86996f6
Author: Luk Claes <luk at debian.org>
Date: Tue May 31 00:26:28 2011 +0200
idmap_tdb2.8: Use new syntax in example
Signed-off-by: Luk Claes <luk at debian.org>
Signed-off-by: Michael Adam <obnox at samba.org>
commit ac7232346df2b1c555a0f6e7fca4f04b0965d112
Author: Luk Claes <luk at debian.org>
Date: Tue May 31 00:26:27 2011 +0200
winbindd.8: Use new syntax in example
Signed-off-by: Luk Claes <luk at debian.org>
Signed-off-by: Michael Adam <obnox at samba.org>
commit 3fbfc960714f6f2e6a9ce6f80c5f79887861e5f6
Author: Luk Claes <luk at debian.org>
Date: Tue May 31 00:26:26 2011 +0200
wbinfo.1: Avoid confusion with idmap uid option
Signed-off-by: Luk Claes <luk at debian.org>
Signed-off-by: Michael Adam <obnox at samba.org>
commit b21c3ca8e441fe13aec0c5dfd423e0d74c6ac9c2
Author: Luk Claes <luk at debian.org>
Date: Tue May 31 00:26:25 2011 +0200
idmap_autorid.8: Avoid confusion with idmap uid and idmap gid options
Signed-off-by: Luk Claes <luk at debian.org>
Signed-off-by: Michael Adam <obnox at samba.org>
commit 4e842a3d1d725b960a75053140585fff378f08ee
Author: Luk Claes <luk at debian.org>
Date: Tue May 31 00:26:24 2011 +0200
idmap_autorid.8: Use new syntax in autorid backend examples
Signed-off-by: Luk Claes <luk at debian.org>
Signed-off-by: Michael Adam <obnox at samba.org>
commit f8e75b44a0c49832d95eba1d1de728fd846f5c3a
Author: Luk Claes <luk at debian.org>
Date: Tue May 31 00:26:23 2011 +0200
idmap_rid.8: Use new syntax in rid backend example
Signed-off-by: Luk Claes <luk at debian.org>
Signed-off-by: Michael Adam <obnox at samba.org>
commit 6716667b7cf5c5b27008e6e10e5b30f9b20442ca
Author: Luk Claes <luk at debian.org>
Date: Tue May 31 00:26:22 2011 +0200
idmap_nss.8: Use new syntax for nss backend
Signed-off-by: Luk Claes <luk at debian.org>
Signed-off-by: Michael Adam <obnox at samba.org>
commit b5e64725f3462ada0579529280aea0bc1963ad11
Author: Luk Claes <luk at debian.org>
Date: Tue May 31 00:26:21 2011 +0200
idmap_hash.8: Use new syntax for hash backend
Signed-off-by: Luk Claes <luk at debian.org>
Signed-off-by: Michael Adam <obnox at samba.org>
commit 28eb61ae0c7e1917e728d9dcad900f92e16230fd
Author: Luk Claes <luk at debian.org>
Date: Tue May 31 00:26:20 2011 +0200
idmap_adex.8: Use new syntax in adex backend example
Signed-off-by: Luk Claes <luk at debian.org>
Signed-off-by: Michael Adam <obnox at samba.org>
commit 3bf807f70bd9ca6ffe319b497190a9492eae3b10
Author: Luk Claes <luk at debian.org>
Date: Tue May 31 00:26:19 2011 +0200
idmap_ad.8: use new syntax in ad backend example
Signed-off-by: Luk Claes <luk at debian.org>
Signed-off-by: Michael Adam <obnox at samba.org>
-----------------------------------------------------------------------
Summary of changes:
docs-xml/manpages-3/idmap_ad.8.xml | 5 +-
docs-xml/manpages-3/idmap_adex.8.xml | 5 +-
docs-xml/manpages-3/idmap_autorid.8.xml | 12 +--
docs-xml/manpages-3/idmap_hash.8.xml | 5 +-
docs-xml/manpages-3/idmap_ldap.8.xml | 107 ++++++++-------------
docs-xml/manpages-3/idmap_nss.8.xml | 5 +-
docs-xml/manpages-3/idmap_rid.8.xml | 5 +-
docs-xml/manpages-3/idmap_tdb.8.xml | 55 +----------
docs-xml/manpages-3/idmap_tdb2.8.xml | 30 +-----
docs-xml/manpages-3/wbinfo.1.xml | 2 +-
docs-xml/manpages-3/winbindd.8.xml | 18 ++--
docs-xml/smbdotconf/winbind/idmapallocconfig.xml | 14 ---
docs-xml/smbdotconf/winbind/idmapbackend.xml | 35 +-------
docs-xml/smbdotconf/winbind/idmapconfig.xml | 103 +++++++++++++++++----
docs-xml/smbdotconf/winbind/idmapgid.xml | 13 +--
docs-xml/smbdotconf/winbind/idmapuid.xml | 12 +--
16 files changed, 168 insertions(+), 258 deletions(-)
delete mode 100644 docs-xml/smbdotconf/winbind/idmapallocconfig.xml
Changeset truncated at 500 lines:
diff --git a/docs-xml/manpages-3/idmap_ad.8.xml b/docs-xml/manpages-3/idmap_ad.8.xml
index e628f0c..fbadaf2 100644
--- a/docs-xml/manpages-3/idmap_ad.8.xml
+++ b/docs-xml/manpages-3/idmap_ad.8.xml
@@ -85,9 +85,8 @@
<programlisting>
[global]
- idmap backend = tdb
- idmap uid = 1000000-1999999
- idmap gid = 1000000-1999999
+ idmap config * : backend = tdb
+ idmap config * : range = 1000000-1999999
idmap config CORP : backend = ad
idmap config CORP : range = 1000-999999
diff --git a/docs-xml/manpages-3/idmap_adex.8.xml b/docs-xml/manpages-3/idmap_adex.8.xml
index 7349caa..16d12cd 100644
--- a/docs-xml/manpages-3/idmap_adex.8.xml
+++ b/docs-xml/manpages-3/idmap_adex.8.xml
@@ -66,9 +66,8 @@
<programlisting>
[global]
- idmap backend = adex
- idmap uid = 1000-4000000000
- idmap gid = 1000-4000000000
+ idmap config * : backend = adex
+ idmap config * : range = 1000-4000000000
winbind nss info = adex
winbind normalize names = yes
diff --git a/docs-xml/manpages-3/idmap_autorid.8.xml b/docs-xml/manpages-3/idmap_autorid.8.xml
index 38790ea..3a56555 100644
--- a/docs-xml/manpages-3/idmap_autorid.8.xml
+++ b/docs-xml/manpages-3/idmap_autorid.8.xml
@@ -88,9 +88,8 @@
workgroup = CUSTOMER
realm = CUSTOMER.COM
- idmap backend = autorid
- idmap uid = 1000000-1999999
- idmap gid = 1000000-1999999
+ idmap config * : backend = autorid
+ idmap config * : range = 1000000-1999999
</programlisting>
@@ -98,7 +97,7 @@
This example shows how to configure idmap_autorid as default
for all domains with a potentially large amount of users
plus a specific configuration for a trusted domain
- that uses the SFU mapping scheme. Please note that idmap uid/gid
+ that uses the SFU mapping scheme. Please note that idmap
ranges and sfu ranges are not allowed to overlap.
</para>
@@ -108,10 +107,9 @@
workgroup = CUSTOMER
realm = CUSTOMER.COM
- idmap backend = autorid
+ idmap config * : backend = autorid
+ idmap config * : range = 1000000-19999999
autorid:rangesize = 1000000
- idmap uid = 1000000-19999999
- idmap gid = 1000000-19999999
idmap config TRUSTED : backend = ad
idmap config TRUSTED : range = 50000 - 99999
diff --git a/docs-xml/manpages-3/idmap_hash.8.xml b/docs-xml/manpages-3/idmap_hash.8.xml
index 2bbae71..f3ec6a7 100644
--- a/docs-xml/manpages-3/idmap_hash.8.xml
+++ b/docs-xml/manpages-3/idmap_hash.8.xml
@@ -52,9 +52,8 @@
<programlisting>
[global]
- idmap backend = hash
- idmap uid = 1000-4000000000
- idmap gid = 1000-4000000000
+ idmap config * : backend = hash
+ idmap config * : range = 1000-4000000000
winbind nss info = hash
winbind normalize names = yes
diff --git a/docs-xml/manpages-3/idmap_ldap.8.xml b/docs-xml/manpages-3/idmap_ldap.8.xml
index e3588b9..e68f278 100644
--- a/docs-xml/manpages-3/idmap_ldap.8.xml
+++ b/docs-xml/manpages-3/idmap_ldap.8.xml
@@ -27,26 +27,9 @@
<para>
In contrast to read only backends like idmap_rid, it is an allocating
backend: This means that it needs to allocate new user and group IDs in
- order to create new mappings. The allocator can be provided by the
- idmap_ldap backend itself or by any other allocating backend like
- idmap_tdb or idmap_tdb2. This is configured with the
- parameter <parameter>idmap alloc backend</parameter>.
+ order to create new mappings.
</para>
- <para>
- Note that in order for this (or any other allocating) backend to
- function at all, the default backend needs to be writeable.
- The ranges used for uid and gid allocation are the default ranges
- configured by "idmap uid" and "idmap gid".
- </para>
-
- <para>
- Furthermore, since there is only one global allocating backend
- responsible for all domains using writeable idmap backends,
- any explicitly configured domain with idmap backend ldap
- should have the same range as the default range, since it needs
- to use the global uid / gid allocator. See the example below.
- </para>
</refsynopsisdiv>
<refsect1>
@@ -56,7 +39,7 @@
<varlistentry>
<term>ldap_base_dn = DN</term>
<listitem><para>
- Defines the directory base suffix to use when searching for
+ Defines the directory base suffix to use for
SID/uid/gid mapping entries. If not defined, idmap_ldap will default
to using the "ldap idmap suffix" option from smb.conf.
</para></listitem>
@@ -65,15 +48,21 @@
<varlistentry>
<term>ldap_user_dn = DN</term>
<listitem><para>
- Defines the user DN to be used for authentication. If absent an
- anonymous bind will be performed.
+ Defines the user DN to be used for authentication.
+ The secret for authenticating this user should be
+ stored with net idmap secret
+ (see <citerefentry><refentrytitle>net</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry>).
+ If absent, the ldap credentials from the ldap passdb configuration
+ are used, and if these are also absent, an anonymous
+ bind will be performed as last fallback.
</para></listitem>
</varlistentry>
<varlistentry>
<term>ldap_url = ldap://server/</term>
<listitem><para>
- Specifies the LDAP server to use when searching for existing
+ Specifies the LDAP server to use for
SID/uid/gid map entries. If not defined, idmap_ldap will
assume that ldap://localhost/ should be used.
</para></listitem>
@@ -84,64 +73,50 @@
<listitem><para>
Defines the available matching uid and gid range for which the
backend is authoritative.
- If the parameter is absent, Winbind fails over to use the
- "idmap uid" and "idmap gid" options
- from smb.conf.
</para></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
- <title>IDMAP ALLOC OPTIONS</title>
-
- <variablelist>
- <varlistentry>
- <term>ldap_base_dn = DN</term>
- <listitem><para>
- Defines the directory base suffix under which new SID/uid/gid mapping
- entries should be stored. If not defined, idmap_ldap will default
- to using the "ldap idmap suffix" option from smb.conf.
- </para></listitem>
- </varlistentry>
-
- <varlistentry>
- <term>ldap_user_dn = DN</term>
- <listitem><para>
- Defines the user DN to be used for authentication. If absent an
- anonymous bind will be performed.
- </para></listitem>
- </varlistentry>
-
- <varlistentry>
- <term>ldap_url = ldap://server/</term>
- <listitem><para>
- Specifies the LDAP server to which modify/add/delete requests should
- be sent. If not defined, idmap_ldap will assume that ldap://localhost/
- should be used.
- </para></listitem>
- </varlistentry>
- </variablelist>
-</refsect1>
-
-<refsect1>
<title>EXAMPLES</title>
<para>
- The follow sets of a LDAP configuration which uses two LDAP
- directories, one for storing the ID mappings and one for retrieving
- new IDs.
+ The following example shows how an ldap directory is used as the
+ default idmap backend. It also configures the idmap range and base
+ directory suffix. The secret for the ldap_user_dn has to be set with
+ "net idmap secret '*' password".
</para>
<programlisting>
[global]
- idmap backend = ldap:ldap://localhost/
- idmap uid = 1000000-1999999
- idmap gid = 1000000-1999999
+ idmap config * : backend = ldap
+ idmap config * : range = 1000000-1999999
+ idmap config * : ldap_url = ldap://localhost/
+ idmap config * : ldap_base_dn = ou=idmap,dc=example,dc=com
+ idmap config * : ldap_user_dn = cn=idmap_admin,dc=example,dc=com
+ </programlisting>
+
+ <para>
+ This example shows how ldap can be used as a readonly backend while
+ tdb is the default backend used to store the mappings.
+ It adds an explicit configuration for some domain DOM1, that
+ uses the ldap idmap backend. Note that a range disjoint from the
+ default range is used.
+ </para>
- idmap alloc backend = ldap
- idmap alloc config : ldap_url = ldap://id-master/
- idmap alloc config : ldap_base_dn = ou=idmap,dc=example,dc=com
+ <programlisting>
+ [global]
+ # "backend = tdb" is redundant here since it is the default
+ idmap config * : backend = tdb
+ idmap config * : range = 1000000-1999999
+
+ idmap config DOM1 : backend = ldap
+ idmap config DOM1 : range = 2000000-2999999
+ idmap config DOM1 : read only = yes
+ idmap config DOM1 : ldap_url = ldap://server/
+ idmap config DOM1 : ldap_base_dn = ou=idmap,dc=dom1,dc=example,dc=com
+ idmap config DOM1 : ldap_user_dn = cn=idmap_admin,dc=dom1,dc=example,dc=com
</programlisting>
</refsect1>
diff --git a/docs-xml/manpages-3/idmap_nss.8.xml b/docs-xml/manpages-3/idmap_nss.8.xml
index a7fdca0..576eef6 100644
--- a/docs-xml/manpages-3/idmap_nss.8.xml
+++ b/docs-xml/manpages-3/idmap_nss.8.xml
@@ -38,9 +38,8 @@
<programlisting>
[global]
- idmap backend = tdb
- idmap uid = 1000000-1999999
- idmap gid = 1000000-1999999
+ idmap config * : backend = tdb
+ idmap config * : range = 1000000-1999999
idmap config SAMBA : backend = nss
idmap config SAMBA : range = 1000-999999
diff --git a/docs-xml/manpages-3/idmap_rid.8.xml b/docs-xml/manpages-3/idmap_rid.8.xml
index a2a1c58..a29e978 100644
--- a/docs-xml/manpages-3/idmap_rid.8.xml
+++ b/docs-xml/manpages-3/idmap_rid.8.xml
@@ -106,9 +106,8 @@
security = domain
workgroup = MAIN
- idmap backend = tdb
- idmap uid = 1000000-1999999
- idmap gid = 1000000-1999999
+ idmap config * : backend = tdb
+ idmap config * : range = 1000000-1999999
idmap config MAIN : backend = rid
idmap config MAIN : range = 10000 - 49999
diff --git a/docs-xml/manpages-3/idmap_tdb.8.xml b/docs-xml/manpages-3/idmap_tdb.8.xml
index 06a2967..c67d6cb 100644
--- a/docs-xml/manpages-3/idmap_tdb.8.xml
+++ b/docs-xml/manpages-3/idmap_tdb.8.xml
@@ -27,25 +27,7 @@
<para>
In contrast to read only backends like idmap_rid, it is an allocating
backend: This means that it needs to allocate new user and group IDs in
- order to create new mappings. The allocator can be provided by the
- idmap_tdb backend itself or by any other allocating backend like
- idmap_ldap or idmap_tdb2. This is configured with the
- parameter <parameter>idmap alloc backend</parameter>.
- </para>
-
- <para>
- Note that in order for this (or any other allocating) backend to
- function at all, the default backend needs to be writeable.
- The ranges used for uid and gid allocation are the default ranges
- configured by "idmap uid" and "idmap gid".
- </para>
-
- <para>
- Furthermore, since there is only one global allocating backend
- responsible for all domains using writeable idmap backends,
- any explicitly configured domain with idmap backend tdb
- should have the same range as the default range, since it needs
- to use the global uid / gid allocator. See the example below.
+ order to create new mappings.
</para>
</refsynopsisdiv>
@@ -58,9 +40,6 @@
<listitem><para>
Defines the available matching uid and gid range for which the
backend is authoritative.
- If the parameter is absent, Winbind fails over to use
- the "idmap uid" and "idmap gid" options
- from smb.conf.
</para></listitem>
</varlistentry>
</variablelist>
@@ -71,38 +50,14 @@
<para>
This example shows how tdb is used as a the default idmap backend.
- It configures the idmap range through the global options for all
- domains encountered. This same range is used for uid/gid allocation.
- </para>
-
- <programlisting>
- [global]
- # "idmap backend = tdb" is redundant here since it is the default
- idmap backend = tdb
- idmap uid = 1000000-2000000
- idmap gid = 1000000-2000000
- </programlisting>
-
- <para>
- This (rather theoretical) example shows how tdb can be used as the
- allocating backend while ldap is the default backend used to store
- the mappings.
- It adds an explicit configuration for some domain DOM1, that
- uses the tdb idmap backend. Note that the same range as the
- default uid/gid range is used, since the allocator has to serve
- both the default backend and the explicitly configured domain DOM1.
+ This configured range is used for uid and gid allocation.
</para>
<programlisting>
[global]
- idmap backend = ldap
- idmap uid = 1000000-2000000
- idmap gid = 1000000-2000000
- # use a different uid/gid allocator:
- idmap alloc backend = tdb
-
- idmap config DOM1 : backend = tdb
- idmap config DOM1 : range = 1000000-2000000
+ # "backend = tdb" is redundant here since it is the default
+ idmap config * : backend = tdb
+ idmap config * : range = 1000000-2000000
</programlisting>
</refsect1>
diff --git a/docs-xml/manpages-3/idmap_tdb2.8.xml b/docs-xml/manpages-3/idmap_tdb2.8.xml
index a5d1080..980ffe6 100644
--- a/docs-xml/manpages-3/idmap_tdb2.8.xml
+++ b/docs-xml/manpages-3/idmap_tdb2.8.xml
@@ -28,25 +28,7 @@
<para>
In contrast to read only backends like idmap_rid, it is an allocating
backend: This means that it needs to allocate new user and group IDs in
- order to create new mappings. The allocator can be provided by the
- idmap_tdb2 backend itself or by any other allocating backend like
- idmap_tdb or idmap_ldap. This is configured with the
- parameter <parameter>idmap alloc backend</parameter>.
- </para>
-
- <para>
- Note that in order for this (or any other allocating) backend to
- function at all, the default backend needs to be writeable.
- The ranges used for uid and gid allocation are the default ranges
- configured by "idmap uid" and "idmap gid".
- </para>
-
- <para>
- Furthermore, since there is only one global allocating backend
- responsible for all domains using writeable idmap backends,
- any explicitly configured domain with idmap backend tdb2
- should have the same range as the default range, since it needs
- to use the global uid / gid allocator. See the example below.
+ order to create new mappings.
</para>
</refsynopsisdiv>
@@ -59,9 +41,6 @@
<listitem><para>
Defines the available matching uid and gid range for which the
backend is authoritative.
- If the parameter is absent, Winbind fails over to use
- the "idmap uid" and "idmap gid" options
- from smb.conf.
</para></listitem>
</varlistentry>
</variablelist>
@@ -108,14 +87,13 @@
<para>
This example shows how tdb2 is used as a the default idmap backend.
It configures the idmap range through the global options for all
- domains encountered. This same range is used for uid/gid allocation.
+ domains encountered.
</para>
<programlisting>
[global]
- idmap backend = tdb2
- idmap uid = 1000000-2000000
- idmap gid = 1000000-2000000
+ idmap config * : backend = tdb2
+ idmap config * : range = 1000000-2000000
</programlisting>
</refsect1>
diff --git a/docs-xml/manpages-3/wbinfo.1.xml b/docs-xml/manpages-3/wbinfo.1.xml
index c1b2c1f..0701d08 100644
--- a/docs-xml/manpages-3/wbinfo.1.xml
+++ b/docs-xml/manpages-3/wbinfo.1.xml
@@ -423,7 +423,7 @@
<term>-U|--uid-to-sid <replaceable>uid</replaceable></term>
<listitem><para>Try to convert a UNIX user id to a Windows NT
SID. If the uid specified does not refer to one within
- the idmap uid range then the operation will fail. </para></listitem>
+ the idmap range then the operation will fail. </para></listitem>
</varlistentry>
<varlistentry>
diff --git a/docs-xml/manpages-3/winbindd.8.xml b/docs-xml/manpages-3/winbindd.8.xml
index c9fd4d8..df44e44 100644
--- a/docs-xml/manpages-3/winbindd.8.xml
+++ b/docs-xml/manpages-3/winbindd.8.xml
@@ -45,10 +45,9 @@
<para>Even if winbind is not used for nsswitch, it still provides a
service to <command>smbd</command>, <command>ntlm_auth</command>
and the <command>pam_winbind.so</command> PAM module, by managing connections to
- domain controllers. In this configuraiton the
- <smbconfoption name="idmap uid"/> and
- <smbconfoption name="idmap gid"/>
- parameters are not required. (This is known as `netlogon proxy only mode'.)</para>
+ domain controllers. In this configuration the
+ <smbconfoption name="idmap config * : range"/>
+ parameter is not required. (This is known as `netlogon proxy only mode'.)</para>
<para> The Name Service Switch allows user
and system information to be obtained from different databases
@@ -246,11 +245,9 @@ hosts: files wins
<listitem><para>
<smbconfoption name="winbind separator"/></para></listitem>
<listitem><para>
- <smbconfoption name="idmap uid"/></para></listitem>
+ <smbconfoption name="idmap config * : range"/></para></listitem>
<listitem><para>
- <smbconfoption name="idmap gid"/></para></listitem>
- <listitem><para>
- <smbconfoption name="idmap backend"/></para></listitem>
+ <smbconfoption name="idmap config * : backend"/></para></listitem>
<listitem><para>
<smbconfoption name="winbind cache time"/></para></listitem>
<listitem><para>
@@ -340,8 +337,7 @@ auth required /lib/security/pam_unix.so \
winbind cache time = 10
template shell = /bin/bash
template homedir = /home/%D/%U
- idmap uid = 10000-20000
- idmap gid = 10000-20000
+ idmap config * : range = 10000-20000
workgroup = DOMAIN
security = domain
password server = *
@@ -374,7 +370,7 @@ auth required /lib/security/pam_unix.so \
<para>If more than one UNIX machine is running <command>winbindd</command>,
then in general the user and groups ids allocated by winbindd will not
be the same. The user and group ids will only be valid for the local
- machine, unless a shared <smbconfoption name="idmap backend"/> is configured.</para>
+ machine, unless a shared <smbconfoption name="idmap config * : backend"/> is configured.</para>
<para>If the the Windows NT SID to UNIX user and group id mapping
file is damaged or destroyed then the mappings will be lost. </para>
diff --git a/docs-xml/smbdotconf/winbind/idmapallocconfig.xml b/docs-xml/smbdotconf/winbind/idmapallocconfig.xml
deleted file mode 100644
index 0139041..0000000
--- a/docs-xml/smbdotconf/winbind/idmapallocconfig.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<samba:parameter name="idmap alloc config"
- context="G"
- type="string"
- advanced="1" developer="1" hide="1"
- xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
-<description>
- <para>
- The idmap alloc config prefix provides a means of managing settings
--
Samba Shared Repository
More information about the samba-cvs
mailing list