[SCM] Samba Shared Repository - branch v3-6-test updated

Karolin Seeger kseeger at samba.org
Sun Jun 5 12:15:51 MDT 2011


The branch, v3-6-test has been updated
       via  36c9a94 s3:doc: update the ldap_user_dn documentation in the idmap_ldap manpage
       via  ed54e2a idmap_ldap.8: Add example with readonly backend
       via  2c3a745 s3:doc: clean up the example section of the idmap_tdb manpage
       via  e1709a6 winbindd.8: Use new idmap syntax for smbconfoptions
       via  16369ac s3:doc: document "idmap gid" as deprecated.
       via  b3ae1c3 s3:doc: document "idmap uid" as deprecated.
       via  f15abb1 s3:doc: remove the documentation of "idmap alloc backend", which has been removed
       via  3c8a743 s3:doc: document "idmap backend" as deprecated.
       via  5ea21ca s3:doc: update documentation of the "idmap config FOO : BAR" familiy of parameters
       via  6a7bcff winbindd.8: Fix typo
       via  8bc2980 idmap_tdb.8: Remove reference to idmap uid and idmap gid options as fallback
       via  1ec7b0d idmap_tdb.8: Remove references to alloc backend
       via  c867ebb idmap_tdb.8: Use new idmap syntax in examples
       via  40fbab5 idmap_ldap.8: Remove reference to idmap uid and idmap gid options as fallback
       via  5e76967 idmap_ldap.8: Backend is not only used for searching
       via  a1eb060 idmap_ldap.8: Remove references to idmap alloc backend
       via  9ea550b idmap_ldap.8: Rework example to use new idmap syntax
       via  7b3df5e idmap_tdb2.8: Remove mentioning of deprecated idmap uid and idmap gid options as fallback
       via  f5bfc20 idmap_tdb2.8: Avoid confusion with idmap uid and idmap gid options
       via  811a8c8 idmap_tdb2.8: Remove part about alloc backend
       via  838e0db idmap_tdb2.8: Use new syntax in example
       via  ac72323 winbindd.8: Use new syntax in example
       via  3fbfc96 wbinfo.1: Avoid confusion with idmap uid option
       via  b21c3ca idmap_autorid.8: Avoid confusion with idmap uid and idmap gid options
       via  4e842a3 idmap_autorid.8: Use new syntax in autorid backend examples
       via  f8e75b4 idmap_rid.8: Use new syntax in rid backend example
       via  6716667 idmap_nss.8: Use new syntax for nss backend
       via  b5e64725 idmap_hash.8: Use new syntax for hash backend
       via  28eb61a idmap_adex.8: Use new syntax in adex backend example
       via  3bf807f idmap_ad.8: use new syntax in ad backend example
      from  65a59d6 replace: remove waring if IOV_MAX is not defined

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test


- Log -----------------------------------------------------------------
commit 36c9a94bc132e738d68e40288b213a895b835e6b
Author: Michael Adam <obnox at samba.org>
Date:   Wed Jun 1 01:19:50 2011 +0200

    s3:doc: update the ldap_user_dn documentation in the idmap_ldap manpage
    
    also extend the example with ldap_user_dn.
    
    Autobuild-User: Michael Adam <obnox at samba.org>
    Autobuild-Date: Wed Jun  1 02:53:32 CEST 2011 on sn-devel-104

commit ed54e2a35234e3519fcc7d0a4587e39ceff36f6a
Author: Luk Claes <luk at debian.org>
Date:   Tue May 31 23:28:57 2011 +0200

    idmap_ldap.8: Add example with readonly backend
    
    Signed-off-by: Luk Claes <luk at debian.org>
    Signed-off-by: Michael Adam <obnox at samba.org>

commit 2c3a74542b81829c919ff70838edd070c65657d9
Author: Michael Adam <obnox at samba.org>
Date:   Tue May 31 18:09:14 2011 +0200

    s3:doc: clean up the example section of the idmap_tdb manpage
    
    Autobuild-User: Michael Adam <obnox at samba.org>
    Autobuild-Date: Tue May 31 19:47:45 CEST 2011 on sn-devel-104

commit e1709a664872a658e121bae673ab858753a157bf
Author: Luk Claes <luk at debian.org>
Date:   Tue May 31 17:21:09 2011 +0200

    winbindd.8: Use new idmap syntax for smbconfoptions
    
    Signed-off-by: Luk Claes <luk at debian.org>
    Signed-off-by: Michael Adam <obnox at samba.org>

commit 16369ac9d84d9abd349bbf777ab6394b7b3ea942
Author: Michael Adam <obnox at samba.org>
Date:   Tue May 31 10:29:37 2011 +0200

    s3:doc: document "idmap gid" as deprecated.
    
    Autobuild-User: Michael Adam <obnox at samba.org>
    Autobuild-Date: Tue May 31 11:39:38 CEST 2011 on sn-devel-104

commit b3ae1c3694d576ecb414290be759f3f5a9eac5d4
Author: Michael Adam <obnox at samba.org>
Date:   Tue May 31 10:29:08 2011 +0200

    s3:doc: document "idmap uid" as deprecated.

commit f15abb1a16329460cab64d9708caac1a67cb5988
Author: Michael Adam <obnox at samba.org>
Date:   Tue May 31 10:08:44 2011 +0200

    s3:doc: remove the documentation of "idmap alloc backend", which has been removed

commit 3c8a743a875db9d68d12cd6d4175f2217f4ecd8b
Author: Michael Adam <obnox at samba.org>
Date:   Tue May 31 10:07:59 2011 +0200

    s3:doc: document "idmap backend" as deprecated.

commit 5ea21cadfa1b895a8fdf9310184daa651c4c6c03
Author: Michael Adam <obnox at samba.org>
Date:   Tue May 31 10:03:18 2011 +0200

    s3:doc: update documentation of the "idmap config FOO : BAR" familiy of parameters

commit 6a7bcff808e75099771ee0409c4e2457b05e30a5
Author: Luk Claes <luk at debian.org>
Date:   Tue May 31 00:26:39 2011 +0200

    winbindd.8: Fix typo
    
    Signed-off-by: Luk Claes <luk at debian.org>
    Signed-off-by: Michael Adam <obnox at samba.org>
    
    Autobuild-User: Michael Adam <obnox at samba.org>
    Autobuild-Date: Tue May 31 02:56:52 CEST 2011 on sn-devel-104

commit 8bc2980ad18f1e0a51b3b496e40f46c756513885
Author: Luk Claes <luk at debian.org>
Date:   Tue May 31 00:26:38 2011 +0200

    idmap_tdb.8: Remove reference to idmap uid and idmap gid options as fallback
    
    Signed-off-by: Luk Claes <luk at debian.org>
    Signed-off-by: Michael Adam <obnox at samba.org>

commit 1ec7b0df60769b39ed0fd4be558abbb679dfe504
Author: Luk Claes <luk at debian.org>
Date:   Tue May 31 00:26:37 2011 +0200

    idmap_tdb.8: Remove references to alloc backend
    
    Signed-off-by: Luk Claes <luk at debian.org>
    Signed-off-by: Michael Adam <obnox at samba.org>

commit c867ebb7b70ab886ff740fc3826b2801beaf8718
Author: Luk Claes <luk at debian.org>
Date:   Tue May 31 00:26:36 2011 +0200

    idmap_tdb.8: Use new idmap syntax in examples
    
    Signed-off-by: Luk Claes <luk at debian.org>
    Signed-off-by: Michael Adam <obnox at samba.org>

commit 40fbab5b48089390a61e7c8432f41c83daf7cd8d
Author: Luk Claes <luk at debian.org>
Date:   Tue May 31 00:26:35 2011 +0200

    idmap_ldap.8: Remove reference to idmap uid and idmap gid options as fallback
    
    Signed-off-by: Luk Claes <luk at debian.org>
    Signed-off-by: Michael Adam <obnox at samba.org>

commit 5e76967221a7281187aee534c662bf4eeb3ab338
Author: Luk Claes <luk at debian.org>
Date:   Tue May 31 00:26:34 2011 +0200

    idmap_ldap.8: Backend is not only used for searching
    
    Signed-off-by: Luk Claes <luk at debian.org>
    Signed-off-by: Michael Adam <obnox at samba.org>

commit a1eb060670be257c2bc76f1033036a8aef27d070
Author: Luk Claes <luk at debian.org>
Date:   Tue May 31 00:26:33 2011 +0200

    idmap_ldap.8: Remove references to idmap alloc backend
    
    Signed-off-by: Luk Claes <luk at debian.org>
    Signed-off-by: Michael Adam <obnox at samba.org>

commit 9ea550bf905e39ca47b8ca2bb56d34a368c04b65
Author: Luk Claes <luk at debian.org>
Date:   Tue May 31 00:26:32 2011 +0200

    idmap_ldap.8: Rework example to use new idmap syntax
    
    Signed-off-by: Luk Claes <luk at debian.org>
    Signed-off-by: Michael Adam <obnox at samba.org>

commit 7b3df5ebd08312b9c20cc4c6e9232d4b569219d1
Author: Luk Claes <luk at debian.org>
Date:   Tue May 31 00:26:31 2011 +0200

    idmap_tdb2.8: Remove mentioning of deprecated idmap uid and idmap gid options as fallback
    
    Signed-off-by: Luk Claes <luk at debian.org>
    Signed-off-by: Michael Adam <obnox at samba.org>

commit f5bfc2078ea4a1ead53856661390d32d3d4b6754
Author: Luk Claes <luk at debian.org>
Date:   Tue May 31 00:26:30 2011 +0200

    idmap_tdb2.8: Avoid confusion with idmap uid and idmap gid options
    
    Signed-off-by: Luk Claes <luk at debian.org>
    Signed-off-by: Michael Adam <obnox at samba.org>

commit 811a8c86cb16b9271bfe7441c8d53803b97fb5a3
Author: Luk Claes <luk at debian.org>
Date:   Tue May 31 00:26:29 2011 +0200

    idmap_tdb2.8: Remove part about alloc backend
    
    Signed-off-by: Luk Claes <luk at debian.org>
    Signed-off-by: Michael Adam <obnox at samba.org>

commit 838e0db43be446dbe72a527b87cde42aa86996f6
Author: Luk Claes <luk at debian.org>
Date:   Tue May 31 00:26:28 2011 +0200

    idmap_tdb2.8: Use new syntax in example
    
    Signed-off-by: Luk Claes <luk at debian.org>
    Signed-off-by: Michael Adam <obnox at samba.org>

commit ac7232346df2b1c555a0f6e7fca4f04b0965d112
Author: Luk Claes <luk at debian.org>
Date:   Tue May 31 00:26:27 2011 +0200

    winbindd.8: Use new syntax in example
    
    Signed-off-by: Luk Claes <luk at debian.org>
    Signed-off-by: Michael Adam <obnox at samba.org>

commit 3fbfc960714f6f2e6a9ce6f80c5f79887861e5f6
Author: Luk Claes <luk at debian.org>
Date:   Tue May 31 00:26:26 2011 +0200

    wbinfo.1: Avoid confusion with idmap uid option
    
    Signed-off-by: Luk Claes <luk at debian.org>
    Signed-off-by: Michael Adam <obnox at samba.org>

commit b21c3ca8e441fe13aec0c5dfd423e0d74c6ac9c2
Author: Luk Claes <luk at debian.org>
Date:   Tue May 31 00:26:25 2011 +0200

    idmap_autorid.8: Avoid confusion with idmap uid and idmap gid options
    
    Signed-off-by: Luk Claes <luk at debian.org>
    Signed-off-by: Michael Adam <obnox at samba.org>

commit 4e842a3d1d725b960a75053140585fff378f08ee
Author: Luk Claes <luk at debian.org>
Date:   Tue May 31 00:26:24 2011 +0200

    idmap_autorid.8: Use new syntax in autorid backend examples
    
    Signed-off-by: Luk Claes <luk at debian.org>
    Signed-off-by: Michael Adam <obnox at samba.org>

commit f8e75b44a0c49832d95eba1d1de728fd846f5c3a
Author: Luk Claes <luk at debian.org>
Date:   Tue May 31 00:26:23 2011 +0200

    idmap_rid.8: Use new syntax in rid backend example
    
    Signed-off-by: Luk Claes <luk at debian.org>
    Signed-off-by: Michael Adam <obnox at samba.org>

commit 6716667b7cf5c5b27008e6e10e5b30f9b20442ca
Author: Luk Claes <luk at debian.org>
Date:   Tue May 31 00:26:22 2011 +0200

    idmap_nss.8: Use new syntax for nss backend
    
    Signed-off-by: Luk Claes <luk at debian.org>
    Signed-off-by: Michael Adam <obnox at samba.org>

commit b5e64725f3462ada0579529280aea0bc1963ad11
Author: Luk Claes <luk at debian.org>
Date:   Tue May 31 00:26:21 2011 +0200

    idmap_hash.8: Use new syntax for hash backend
    
    Signed-off-by: Luk Claes <luk at debian.org>
    Signed-off-by: Michael Adam <obnox at samba.org>

commit 28eb61ae0c7e1917e728d9dcad900f92e16230fd
Author: Luk Claes <luk at debian.org>
Date:   Tue May 31 00:26:20 2011 +0200

    idmap_adex.8: Use new syntax in adex backend example
    
    Signed-off-by: Luk Claes <luk at debian.org>
    Signed-off-by: Michael Adam <obnox at samba.org>

commit 3bf807f70bd9ca6ffe319b497190a9492eae3b10
Author: Luk Claes <luk at debian.org>
Date:   Tue May 31 00:26:19 2011 +0200

    idmap_ad.8: use new syntax in ad backend example
    
    Signed-off-by: Luk Claes <luk at debian.org>
    Signed-off-by: Michael Adam <obnox at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 docs-xml/manpages-3/idmap_ad.8.xml               |    5 +-
 docs-xml/manpages-3/idmap_adex.8.xml             |    5 +-
 docs-xml/manpages-3/idmap_autorid.8.xml          |   12 +--
 docs-xml/manpages-3/idmap_hash.8.xml             |    5 +-
 docs-xml/manpages-3/idmap_ldap.8.xml             |  107 ++++++++-------------
 docs-xml/manpages-3/idmap_nss.8.xml              |    5 +-
 docs-xml/manpages-3/idmap_rid.8.xml              |    5 +-
 docs-xml/manpages-3/idmap_tdb.8.xml              |   55 +----------
 docs-xml/manpages-3/idmap_tdb2.8.xml             |   30 +-----
 docs-xml/manpages-3/wbinfo.1.xml                 |    2 +-
 docs-xml/manpages-3/winbindd.8.xml               |   18 ++--
 docs-xml/smbdotconf/winbind/idmapallocconfig.xml |   14 ---
 docs-xml/smbdotconf/winbind/idmapbackend.xml     |   35 +-------
 docs-xml/smbdotconf/winbind/idmapconfig.xml      |  103 +++++++++++++++++----
 docs-xml/smbdotconf/winbind/idmapgid.xml         |   13 +--
 docs-xml/smbdotconf/winbind/idmapuid.xml         |   12 +--
 16 files changed, 168 insertions(+), 258 deletions(-)
 delete mode 100644 docs-xml/smbdotconf/winbind/idmapallocconfig.xml


Changeset truncated at 500 lines:

diff --git a/docs-xml/manpages-3/idmap_ad.8.xml b/docs-xml/manpages-3/idmap_ad.8.xml
index e628f0c..fbadaf2 100644
--- a/docs-xml/manpages-3/idmap_ad.8.xml
+++ b/docs-xml/manpages-3/idmap_ad.8.xml
@@ -85,9 +85,8 @@
 
 	<programlisting>
 	[global]
-	idmap backend = tdb
-	idmap uid = 1000000-1999999
-	idmap gid = 1000000-1999999
+	idmap config * : backend = tdb
+	idmap config * : range = 1000000-1999999
 
 	idmap config CORP : backend  = ad
 	idmap config CORP : range = 1000-999999
diff --git a/docs-xml/manpages-3/idmap_adex.8.xml b/docs-xml/manpages-3/idmap_adex.8.xml
index 7349caa..16d12cd 100644
--- a/docs-xml/manpages-3/idmap_adex.8.xml
+++ b/docs-xml/manpages-3/idmap_adex.8.xml
@@ -66,9 +66,8 @@
 
 	<programlisting>
 	[global]
-	idmap backend = adex
-	idmap uid = 1000-4000000000
-	idmap gid = 1000-4000000000
+	idmap config * : backend = adex
+	idmap config * : range = 1000-4000000000
 
 	winbind nss info = adex
 	winbind normalize names = yes
diff --git a/docs-xml/manpages-3/idmap_autorid.8.xml b/docs-xml/manpages-3/idmap_autorid.8.xml
index 38790ea..3a56555 100644
--- a/docs-xml/manpages-3/idmap_autorid.8.xml
+++ b/docs-xml/manpages-3/idmap_autorid.8.xml
@@ -88,9 +88,8 @@
 	workgroup = CUSTOMER
 	realm = CUSTOMER.COM
 
-	idmap backend = autorid
-	idmap uid = 1000000-1999999
-	idmap gid = 1000000-1999999
+	idmap config * : backend = autorid
+	idmap config * : range = 1000000-1999999
 
 	</programlisting>
 
@@ -98,7 +97,7 @@
 		This example shows how to configure idmap_autorid as default
 		for all domains with a potentially large amount of users
 		plus a specific configuration for a trusted domain
-		that uses the SFU mapping scheme. Please note that idmap uid/gid
+		that uses the SFU mapping scheme. Please note that idmap
 		ranges and sfu ranges are not allowed to overlap.
 	</para>
 
@@ -108,10 +107,9 @@
 	workgroup = CUSTOMER
 	realm = CUSTOMER.COM
 
-	idmap backend = autorid
+	idmap config * : backend = autorid
+	idmap config * : range = 1000000-19999999
 	autorid:rangesize = 1000000
-	idmap uid = 1000000-19999999
-	idmap gid = 1000000-19999999
 
 	idmap config TRUSTED : backend  = ad
 	idmap config TRUSTED : range    = 50000 - 99999
diff --git a/docs-xml/manpages-3/idmap_hash.8.xml b/docs-xml/manpages-3/idmap_hash.8.xml
index 2bbae71..f3ec6a7 100644
--- a/docs-xml/manpages-3/idmap_hash.8.xml
+++ b/docs-xml/manpages-3/idmap_hash.8.xml
@@ -52,9 +52,8 @@
 
 	<programlisting>
 	[global]
-	idmap backend = hash
-	idmap uid = 1000-4000000000
-	idmap gid = 1000-4000000000
+	idmap config * : backend = hash
+	idmap config * : range = 1000-4000000000
 
 	winbind nss info = hash
 	winbind normalize names = yes
diff --git a/docs-xml/manpages-3/idmap_ldap.8.xml b/docs-xml/manpages-3/idmap_ldap.8.xml
index e3588b9..e68f278 100644
--- a/docs-xml/manpages-3/idmap_ldap.8.xml
+++ b/docs-xml/manpages-3/idmap_ldap.8.xml
@@ -27,26 +27,9 @@
 	<para>
 	In contrast to read only backends like idmap_rid, it is an allocating
 	backend: This means that it needs to allocate new user and group IDs in
-	order to create new mappings. The allocator can be provided by the
-	idmap_ldap backend itself or by any other allocating backend like
-	idmap_tdb or idmap_tdb2. This is configured with the
-	parameter <parameter>idmap alloc backend</parameter>.
+	order to create new mappings.
 	</para>
 
-	<para>
-	Note that in order for this (or any other allocating) backend to
-	function at all, the default backend needs to be writeable.
-	The ranges used for uid and gid allocation are the default ranges
-	configured by "idmap uid" and "idmap gid".
-	</para>
-
-	<para>
-	Furthermore, since there is only one global allocating backend
-	responsible for all domains using writeable idmap backends,
-	any explicitly configured domain with idmap backend ldap
-	should have the same range as the default range, since it needs
-	to use the global uid / gid allocator. See the example below.
-	</para>
 </refsynopsisdiv>
 
 <refsect1>
@@ -56,7 +39,7 @@
 		<varlistentry>
 		<term>ldap_base_dn = DN</term>
 		<listitem><para>
-			Defines the directory base suffix to use when searching for
+			Defines the directory base suffix to use for
 			SID/uid/gid mapping entries.  If not defined, idmap_ldap will default
 			to using the "ldap idmap suffix" option from smb.conf.
 		</para></listitem>
@@ -65,15 +48,21 @@
 		<varlistentry>
 		<term>ldap_user_dn = DN</term>
 		<listitem><para>
-			Defines the user DN to be used for authentication. If absent an
-			anonymous bind will be performed.
+			Defines the user DN to be used for authentication.
+			The secret for authenticating this user should be
+			stored with net idmap secret
+			(see <citerefentry><refentrytitle>net</refentrytitle>
+			<manvolnum>8</manvolnum></citerefentry>).
+			If absent, the ldap credentials from the ldap passdb configuration
+			are used, and if these are also absent, an anonymous
+			bind will be performed as last fallback.
 		</para></listitem>
 		</varlistentry>
 
 		<varlistentry>
 		<term>ldap_url = ldap://server/</term>
 		<listitem><para>
-			Specifies the LDAP server to use when searching for existing
+			Specifies the LDAP server to use for
 			SID/uid/gid map entries. If not defined, idmap_ldap will
 			assume that ldap://localhost/ should be used.
 		</para></listitem>
@@ -84,64 +73,50 @@
                 <listitem><para>
 			Defines the available matching uid and gid range for which the
 			backend is authoritative.
-			If the parameter is absent, Winbind fails over to use the
-			"idmap uid" and "idmap gid" options
-			from smb.conf.
                 </para></listitem>
                 </varlistentry>
 	</variablelist>
 </refsect1>
 
 <refsect1>
-	<title>IDMAP ALLOC OPTIONS</title>
-
-	<variablelist>
-		<varlistentry>
-		<term>ldap_base_dn = DN</term>
-		<listitem><para>
-			Defines the directory base suffix under which new SID/uid/gid mapping
-			entries should be stored.  If not defined, idmap_ldap will default
-			to using the "ldap idmap suffix" option from smb.conf.
-		</para></listitem>
-		</varlistentry>
-
-		<varlistentry>
-		<term>ldap_user_dn = DN</term>
-		<listitem><para>
-			Defines the user DN to be used for authentication. If absent an
-			anonymous bind will be performed.
-		</para></listitem>
-		</varlistentry>
-
-		<varlistentry>
-		<term>ldap_url = ldap://server/</term>
-		<listitem><para>
-			Specifies the LDAP server to which modify/add/delete requests should
-			be sent.  If not defined, idmap_ldap will assume that ldap://localhost/
-			should be used.
-		</para></listitem>
-		</varlistentry>
-	</variablelist>
-</refsect1>
-
-<refsect1>
 	<title>EXAMPLES</title>
 
 	<para>
-	The follow sets of a LDAP configuration which uses two LDAP
-	directories, one for storing the ID mappings and one for retrieving
-	new IDs.
+	The following example shows how an ldap directory is used as the
+	default idmap backend. It also configures the idmap range and base
+	directory suffix. The secret for the ldap_user_dn has to be set with
+	"net idmap secret '*' password".
 	</para>
 
 	<programlisting>
 	[global]
-	idmap backend = ldap:ldap://localhost/
-	idmap uid = 1000000-1999999
-	idmap gid = 1000000-1999999
+	idmap config * : backend      = ldap
+	idmap config * : range        = 1000000-1999999
+	idmap config * : ldap_url     = ldap://localhost/
+	idmap config * : ldap_base_dn = ou=idmap,dc=example,dc=com
+	idmap config * : ldap_user_dn = cn=idmap_admin,dc=example,dc=com
+	</programlisting>
+
+	<para>
+	This example shows how ldap can be used as a readonly backend while
+	tdb is the default backend used to store the mappings.
+	It adds an explicit configuration for some domain DOM1, that
+	uses the ldap idmap backend. Note that a range disjoint from the
+	default range is used.
+	</para>
 
-	idmap alloc backend = ldap
-	idmap alloc config : ldap_url	= ldap://id-master/
-	idmap alloc config : ldap_base_dn = ou=idmap,dc=example,dc=com
+	<programlisting>
+	[global]
+	# "backend = tdb" is redundant here since it is the default
+	idmap config * : backend = tdb
+	idmap config * : range = 1000000-1999999
+
+	idmap config DOM1 : backend = ldap
+	idmap config DOM1 : range = 2000000-2999999
+	idmap config DOM1 : read only = yes
+	idmap config DOM1 : ldap_url = ldap://server/
+	idmap config DOM1 : ldap_base_dn = ou=idmap,dc=dom1,dc=example,dc=com
+	idmap config DOM1 : ldap_user_dn = cn=idmap_admin,dc=dom1,dc=example,dc=com
 	</programlisting>
 </refsect1>
 
diff --git a/docs-xml/manpages-3/idmap_nss.8.xml b/docs-xml/manpages-3/idmap_nss.8.xml
index a7fdca0..576eef6 100644
--- a/docs-xml/manpages-3/idmap_nss.8.xml
+++ b/docs-xml/manpages-3/idmap_nss.8.xml
@@ -38,9 +38,8 @@
 
 	<programlisting>
 	[global]
-	idmap backend = tdb
-	idmap uid = 1000000-1999999
-	idmap gid = 1000000-1999999
+	idmap config * : backend = tdb
+	idmap config * : range = 1000000-1999999
 
 	idmap config SAMBA : backend  = nss
 	idmap config SAMBA : range = 1000-999999
diff --git a/docs-xml/manpages-3/idmap_rid.8.xml b/docs-xml/manpages-3/idmap_rid.8.xml
index a2a1c58..a29e978 100644
--- a/docs-xml/manpages-3/idmap_rid.8.xml
+++ b/docs-xml/manpages-3/idmap_rid.8.xml
@@ -106,9 +106,8 @@
 	security = domain
 	workgroup = MAIN
 
-	idmap backend = tdb
-	idmap uid = 1000000-1999999
-	idmap gid = 1000000-1999999
+	idmap config * : backend        = tdb
+	idmap config * : range          = 1000000-1999999
 
 	idmap config MAIN : backend     = rid
 	idmap config MAIN : range       = 10000 - 49999
diff --git a/docs-xml/manpages-3/idmap_tdb.8.xml b/docs-xml/manpages-3/idmap_tdb.8.xml
index 06a2967..c67d6cb 100644
--- a/docs-xml/manpages-3/idmap_tdb.8.xml
+++ b/docs-xml/manpages-3/idmap_tdb.8.xml
@@ -27,25 +27,7 @@
 	<para>
 	In contrast to read only backends like idmap_rid, it is an allocating
 	backend: This means that it needs to allocate new user and group IDs in
-	order to create new mappings. The allocator can be provided by the
-	idmap_tdb backend itself or by any other allocating backend like
-	idmap_ldap or idmap_tdb2. This is configured with the
-	parameter <parameter>idmap alloc backend</parameter>.
-	</para>
-
-	<para>
-	Note that in order for this (or any other allocating) backend to
-	function at all, the default backend needs to be writeable.
-	The ranges used for uid and gid allocation are the default ranges
-	configured by "idmap uid" and "idmap gid".
-	</para>
-
-	<para>
-	Furthermore, since there is only one global allocating backend
-	responsible for all domains using writeable idmap backends,
-	any explicitly configured domain with idmap backend tdb
-	should have the same range as the default range, since it needs
-	to use the global uid / gid allocator. See the example below.
+	order to create new mappings.
 	</para>
 </refsynopsisdiv>
 
@@ -58,9 +40,6 @@
                 <listitem><para>
 			Defines the available matching uid and gid range for which the
 			backend is authoritative.
-			If the parameter is absent, Winbind fails over to use
-			the "idmap uid" and "idmap gid" options
-			from smb.conf.
                 </para></listitem>
                 </varlistentry>
 	</variablelist>
@@ -71,38 +50,14 @@
 
 	<para>
 	This example shows how tdb is used as a the default idmap backend.
-	It configures the idmap range through the global options for all
-	domains encountered. This same range is used for uid/gid allocation.
-	</para>
-
-	<programlisting>
-	[global]
-	# "idmap backend = tdb" is redundant here since it is the default
-	idmap backend = tdb
-	idmap uid = 1000000-2000000
-	idmap gid = 1000000-2000000
-	</programlisting>
-
-	<para>
-	This (rather theoretical) example shows how tdb can be used as the
-	allocating backend while ldap is the default backend used to store
-	the mappings.
-	It adds an explicit configuration for some domain DOM1, that
-	uses the tdb idmap backend. Note that the same range as the
-	default uid/gid range is used, since the allocator has to serve
-	both the default backend and the explicitly configured domain DOM1.
+	This configured range is used for uid and gid allocation.
 	</para>
 
 	<programlisting>
 	[global]
-	idmap backend = ldap
-	idmap uid = 1000000-2000000
-	idmap gid = 1000000-2000000
-	# use a different uid/gid allocator:
-	idmap alloc backend = tdb
-
-	idmap config DOM1 : backend = tdb
-	idmap config DOM1 : range = 1000000-2000000
+	# "backend = tdb" is redundant here since it is the default
+	idmap config * : backend = tdb
+	idmap config * : range = 1000000-2000000
 	</programlisting>
 </refsect1>
 
diff --git a/docs-xml/manpages-3/idmap_tdb2.8.xml b/docs-xml/manpages-3/idmap_tdb2.8.xml
index a5d1080..980ffe6 100644
--- a/docs-xml/manpages-3/idmap_tdb2.8.xml
+++ b/docs-xml/manpages-3/idmap_tdb2.8.xml
@@ -28,25 +28,7 @@
 	<para>
 	In contrast to read only backends like idmap_rid, it is an allocating
 	backend: This means that it needs to allocate new user and group IDs in
-	order to create new mappings. The allocator can be provided by the
-	idmap_tdb2 backend itself or by any other allocating backend like
-	idmap_tdb or idmap_ldap. This is configured with the
-	parameter <parameter>idmap alloc backend</parameter>.
-	</para>
-
-	<para>
-	Note that in order for this (or any other allocating) backend to
-	function at all, the default backend needs to be writeable.
-	The ranges used for uid and gid allocation are the default ranges
-	configured by "idmap uid" and "idmap gid".
-	</para>
-
-	<para>
-	Furthermore, since there is only one global allocating backend
-	responsible for all domains using writeable idmap backends,
-	any explicitly configured domain with idmap backend tdb2
-	should have the same range as the default range, since it needs
-	to use the global uid / gid allocator. See the example below.
+	order to create new mappings.
 	</para>
 </refsynopsisdiv>
 
@@ -59,9 +41,6 @@
 		<listitem><para>
 			Defines the available matching uid and gid range for which the
 			backend is authoritative.
-			If the parameter is absent, Winbind fails over to use
-			the "idmap uid" and "idmap gid" options
-			from smb.conf.
 		</para></listitem>
 		</varlistentry>
 	</variablelist>
@@ -108,14 +87,13 @@
 	<para>
 	This example shows how tdb2 is used as a the default idmap backend.
 	It configures the idmap range through the global options for all
-	domains encountered. This same range is used for uid/gid allocation.
+	domains encountered.
 	</para>
 
 	<programlisting>
 	[global]
-	idmap backend = tdb2
-	idmap uid = 1000000-2000000
-	idmap gid = 1000000-2000000
+	idmap config * : backend = tdb2
+	idmap config * : range = 1000000-2000000
 	</programlisting>
 </refsect1>
 
diff --git a/docs-xml/manpages-3/wbinfo.1.xml b/docs-xml/manpages-3/wbinfo.1.xml
index c1b2c1f..0701d08 100644
--- a/docs-xml/manpages-3/wbinfo.1.xml
+++ b/docs-xml/manpages-3/wbinfo.1.xml
@@ -423,7 +423,7 @@
 		<term>-U|--uid-to-sid <replaceable>uid</replaceable></term>
 		<listitem><para>Try to convert a UNIX user id to a Windows NT
 		SID.  If the uid specified does not refer to one within
-		the idmap uid range then the operation will fail. </para></listitem>
+		the idmap range then the operation will fail. </para></listitem>
 		</varlistentry>
 
 		<varlistentry>
diff --git a/docs-xml/manpages-3/winbindd.8.xml b/docs-xml/manpages-3/winbindd.8.xml
index c9fd4d8..df44e44 100644
--- a/docs-xml/manpages-3/winbindd.8.xml
+++ b/docs-xml/manpages-3/winbindd.8.xml
@@ -45,10 +45,9 @@
 	<para>Even if winbind is not used for nsswitch, it still provides a
 	service to <command>smbd</command>, <command>ntlm_auth</command>
 	and the <command>pam_winbind.so</command> PAM module, by managing connections to
-	domain controllers.  In this configuraiton the
-	<smbconfoption name="idmap uid"/> and
-	<smbconfoption name="idmap gid"/>
-	parameters are not required. (This is known as `netlogon proxy only mode'.)</para>
+	domain controllers.  In this configuration the
+	<smbconfoption name="idmap config * : range"/>
+	parameter is not required. (This is known as `netlogon proxy only mode'.)</para>
 
         <para> The Name Service Switch allows user
 	and system information to be obtained from different databases
@@ -246,11 +245,9 @@ hosts:		files wins
 		<listitem><para>
 		<smbconfoption name="winbind separator"/></para></listitem>
 		<listitem><para>
-		<smbconfoption name="idmap uid"/></para></listitem>
+		<smbconfoption name="idmap config * : range"/></para></listitem>
 		<listitem><para>
-		<smbconfoption name="idmap gid"/></para></listitem>
-		<listitem><para>
-		<smbconfoption name="idmap backend"/></para></listitem>
+		<smbconfoption name="idmap config * : backend"/></para></listitem>
 		<listitem><para>
 		<smbconfoption name="winbind cache time"/></para></listitem>
 		<listitem><para>
@@ -340,8 +337,7 @@ auth  required    /lib/security/pam_unix.so \
         winbind cache time = 10
         template shell = /bin/bash
         template homedir = /home/%D/%U
-        idmap uid = 10000-20000
-        idmap gid = 10000-20000
+        idmap config * : range = 10000-20000
         workgroup = DOMAIN
         security = domain
         password server = *
@@ -374,7 +370,7 @@ auth  required    /lib/security/pam_unix.so \
 	<para>If more than one UNIX machine is running <command>winbindd</command>,
 	then in general the user and groups ids allocated by winbindd will not
 	be the same.  The user and group ids will only be valid for the local
-	machine, unless a shared <smbconfoption name="idmap backend"/> is configured.</para>
+	machine, unless a shared <smbconfoption name="idmap config * : backend"/> is configured.</para>
 
 	<para>If the the Windows NT SID to UNIX user and group id mapping
 	file is damaged or destroyed then the mappings will be lost. </para>
diff --git a/docs-xml/smbdotconf/winbind/idmapallocconfig.xml b/docs-xml/smbdotconf/winbind/idmapallocconfig.xml
deleted file mode 100644
index 0139041..0000000
--- a/docs-xml/smbdotconf/winbind/idmapallocconfig.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<samba:parameter name="idmap alloc config"
-                 context="G"
-		 type="string"
-                 advanced="1" developer="1" hide="1"
-                 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
-<description>
-	<para>
-	The idmap alloc config prefix provides a means of managing settings


-- 
Samba Shared Repository


More information about the samba-cvs mailing list