[SCM] Samba Shared Repository - branch master updated
Michael Adam
obnox at samba.org
Tue May 31 03:40:02 MDT 2011
The branch, master has been updated
via 54c788f s3:doc: document "idmap gid" as deprecated.
via 7c1021b s3:doc: document "idmap uid" as deprecated.
via 871daf1 s3:doc: remove the documentation of "idmap alloc backend", which has been removed
via 13c4c30 s3:doc: document "idmap backend" as deprecated.
via 939378d s3:doc: update documentation of the "idmap config FOO : BAR" familiy of parameters
via 36feb8a s3:lib/eventlog/proto.h: add _LIB_EVENTLOG_PROTO_H_ guard
via 00530e3 s3:lib/eventlog/proto.h: add GPL/Copyright header
from c7b9dbe s3-libsmb remove ldap_err2string() as common nterrs[] has the constants
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 54c788f2dff1280636f3ce6f21e547c852aa862f
Author: Michael Adam <obnox at samba.org>
Date: Tue May 31 10:29:37 2011 +0200
s3:doc: document "idmap gid" as deprecated.
Autobuild-User: Michael Adam <obnox at samba.org>
Autobuild-Date: Tue May 31 11:39:38 CEST 2011 on sn-devel-104
commit 7c1021bc2b90777c2171dff2923ee16a0957c2f5
Author: Michael Adam <obnox at samba.org>
Date: Tue May 31 10:29:08 2011 +0200
s3:doc: document "idmap uid" as deprecated.
commit 871daf1aa4b3c73e63f0ff7e47a444bfc000b7aa
Author: Michael Adam <obnox at samba.org>
Date: Tue May 31 10:08:44 2011 +0200
s3:doc: remove the documentation of "idmap alloc backend", which has been removed
commit 13c4c30a02269b91379a50acbc45a883588d37bf
Author: Michael Adam <obnox at samba.org>
Date: Tue May 31 10:07:59 2011 +0200
s3:doc: document "idmap backend" as deprecated.
commit 939378d42abaed230bf7590c37ea275c57f4fd93
Author: Michael Adam <obnox at samba.org>
Date: Tue May 31 10:03:18 2011 +0200
s3:doc: update documentation of the "idmap config FOO : BAR" familiy of parameters
commit 36feb8a240a7f061e25223364c1f7ca8476a029f
Author: Michael Adam <obnox at samba.org>
Date: Tue May 31 07:32:15 2011 +0200
s3:lib/eventlog/proto.h: add _LIB_EVENTLOG_PROTO_H_ guard
commit 00530e3d0166641a4f9716067e3c5d1146b0db17
Author: Michael Adam <obnox at samba.org>
Date: Tue May 31 07:31:14 2011 +0200
s3:lib/eventlog/proto.h: add GPL/Copyright header
-----------------------------------------------------------------------
Summary of changes:
docs-xml/smbdotconf/winbind/idmapallocconfig.xml | 14 ---
docs-xml/smbdotconf/winbind/idmapbackend.xml | 35 +-------
docs-xml/smbdotconf/winbind/idmapconfig.xml | 103 +++++++++++++++++----
docs-xml/smbdotconf/winbind/idmapgid.xml | 13 +--
docs-xml/smbdotconf/winbind/idmapuid.xml | 12 +--
source3/lib/eventlog/proto.h | 27 ++++++
6 files changed, 122 insertions(+), 82 deletions(-)
delete mode 100644 docs-xml/smbdotconf/winbind/idmapallocconfig.xml
Changeset truncated at 500 lines:
diff --git a/docs-xml/smbdotconf/winbind/idmapallocconfig.xml b/docs-xml/smbdotconf/winbind/idmapallocconfig.xml
deleted file mode 100644
index 0139041..0000000
--- a/docs-xml/smbdotconf/winbind/idmapallocconfig.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<samba:parameter name="idmap alloc config"
- context="G"
- type="string"
- advanced="1" developer="1" hide="1"
- xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
-<description>
- <para>
- The idmap alloc config prefix provides a means of managing settings
- for the backend defined by the <smbconfoption name="idmap alloc backend"/>
- parameter. Refer to the man page for each idmap plugin regarding
- specific configuration details.
- </para>
-</description>
-</samba:parameter>
diff --git a/docs-xml/smbdotconf/winbind/idmapbackend.xml b/docs-xml/smbdotconf/winbind/idmapbackend.xml
index 824476f..bd96dfe 100644
--- a/docs-xml/smbdotconf/winbind/idmapbackend.xml
+++ b/docs-xml/smbdotconf/winbind/idmapbackend.xml
@@ -11,39 +11,8 @@
<para>
This option specifies the default backend that is used when no special
- configuration set by <smbconfoption name="idmap config"/> matches the
- specific request.
- </para>
-
- <para>
- This default backend also specifies the place where winbind-generated
- idmap entries will be stored. So it is highly recommended that you
- specify a writable backend like <citerefentry>
- <refentrytitle>idmap_tdb</refentrytitle> <manvolnum>8</manvolnum>
- </citerefentry> or <citerefentry>
- <refentrytitle>idmap_ldap</refentrytitle> <manvolnum>8</manvolnum>
- </citerefentry> as the idmap backend. The <citerefentry>
- <refentrytitle>idmap_rid</refentrytitle> <manvolnum>8</manvolnum>
- </citerefentry> and <citerefentry>
- <refentrytitle>idmap_ad</refentrytitle> <manvolnum>8</manvolnum>
- </citerefentry> backends are not writable and thus will generate
- unexpected results if set as idmap backend.
- </para>
-
- <para>
- To use the rid and ad backends, please specify them via the
- <smbconfoption name="idmap config"/> parameter, possibly also for the
- domain your machine is member of, specified by <smbconfoption
- name="workgroup"/>.
- </para>
-
- <para>Examples of SID/uid/gid backends include tdb (<citerefentry>
- <refentrytitle>idmap_tdb</refentrytitle><manvolnum>8</manvolnum></citerefentry>),
- ldap (<citerefentry><refentrytitle>idmap_ldap</refentrytitle>
- <manvolnum>8</manvolnum></citerefentry>), rid (<citerefentry>
- <refentrytitle>idmap_rid</refentrytitle><manvolnum>8</manvolnum></citerefentry>),
- and ad (<citerefentry><refentrytitle>idmap_ad</refentrytitle>
- <manvolnum>8</manvolnum></citerefentry>).
+ configuration set, but it is now deprecated in favour of the new
+ spelling <smbconfoption name="idmap config * : backend"/>.
</para>
</description>
diff --git a/docs-xml/smbdotconf/winbind/idmapconfig.xml b/docs-xml/smbdotconf/winbind/idmapconfig.xml
index f6e97b9..69bddf0 100644
--- a/docs-xml/smbdotconf/winbind/idmapconfig.xml
+++ b/docs-xml/smbdotconf/winbind/idmapconfig.xml
@@ -6,44 +6,108 @@
<description>
<para>
- The idmap config prefix provides a means of managing each trusted
- domain separately. The idmap config prefix should be followed by the
- name of the domain, a colon, and a setting specific to the chosen
- backend. There are three options available for all domains:
+ ID mapping in Samba is the mapping between Windows SIDs and Unix user
+ and group IDs. This is performed by Winbindd with a configurable plugin
+ interface. Samba's ID mapping is configured by options starting with the
+ <smbconfoption name="idmap config"/> prefix.
+ An idmap option consists of the <smbconfoption name="idmap config"/>
+ prefix, followed by a domain name or the asterisk character (*),
+ a colon, and the name of an idmap setting for the chosen domain.
</para>
- <variablelist>
+ <para>
+ The idmap configuration is hence divided into groups, one group
+ for each domain to be configured, and one group with the the
+ asterisk instead of a proper domain name, which speifies the
+ default configuration that is used to catch all domains that do
+ not have an explicit idmap configuration of their own.
+ </para>
+
+ <para>
+ There are three general options available:
+ </para>
+
+ <variablelist>
<varlistentry>
<term>backend = backend_name</term>
<listitem><para>
- Specifies the name of the idmap plugin to use as the
- SID/uid/gid backend for this domain.
+ This specifies the name of the idmap plugin to use as the
+ SID/uid/gid backend for this domain. The standard backends are
+ tdb
+ (<citerefentry><refentrytitle>idmap_tdb</refentrytitle> <manvolnum>8</manvolnum> </citerefentry>),
+ tdb2
+ (<citerefentry><refentrytitle>idmap_tdb2</refentrytitle> <manvolnum>8</manvolnum></citerefentry>),
+ ldap
+ (<citerefentry><refentrytitle>idmap_ldap</refentrytitle> <manvolnum>8</manvolnum></citerefentry>),
+ ,
+ rid
+ (<citerefentry><refentrytitle>idmap_rid</refentrytitle> <manvolnum>8</manvolnum></citerefentry>),
+ ,
+ hash
+ (<citerefentry><refentrytitle>idmap_hash</refentrytitle> <manvolnum>8</manvolnum></citerefentry>),
+ ,
+ autorid
+ (<citerefentry><refentrytitle>idmap_autorid</refentrytitle> <manvolnum>8</manvolnum></citerefentry>),
+ ,
+ ad
+ (<citerefentry><refentrytitle>idmap_ad</refentrytitle> <manvolnum>8</manvolnum></citerefentry>),
+ ,
+ adex
+ (<citerefentry><refentrytitle>idmap_adex</refentrytitle> <manvolnum>8</manvolnum></citerefentry>),
+ ,
+ and nss.
+ (<citerefentry><refentrytitle>idmap_nss</refentrytitle> <manvolnum>8</manvolnum></citerefentry>),
+ The corresponding manual pages contain the details, but
+ here is a summary.
+ </para>
+ <para>
+ The first three of these create mappings of their own using
+ internal unixid counters and store the mappings in a database.
+ These are suitable for use in the default idmap configuration.
+ The rid and hash backends use a pure algorithmic calculation
+ to determine the unixid for a SID. The autorid module is a
+ mixture of the tdb and rid backend. It creates ranges for
+ each domain encountered and then uses the rid algorithm for each
+ of these automatically configured domains individually.
+ The ad and adex
+ backends both use unix IDs stored in Active Directory via
+ the standard schema extensions. The nss backend reverses
+ the standard winbindd setup and gets the unixids via names
+ from nsswitch which can be useful in an ldap setup.
</para></listitem>
</varlistentry>
<varlistentry>
<term>range = low - high</term>
- <listitem><para>
+ <listitem><para>
Defines the available matching uid and gid range for which the
- backend is authoritative. Note that the range commonly
- matches the allocation range due to the fact that the same
- backend will store and retrieve SID/uid/gid mapping entries.
- </para>
+ backend is authoritative. For allocating backends, this also
+ defines the start and the end of the range for allocating
+ new unid IDs.
+ </para>
<para>
winbind uses this parameter to find the backend that is
- authoritative for a unix ID to SID mapping, so it must be set
- for each individually configured domain, and it must be
- disjoint from the ranges set via <smbconfoption name="idmap
- uid"/> and <smbconfoption name="idmap gid"/>.
+ authoritative for a unix ID to SID mapping, so it must be set
+ for each individually configured domain and for the default
+ configuration. The configured ranges must be mutually disjoint.
</para></listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>read only = yes|no</term>
+ <listitem><para>
+ This option can be used to turn the writing backends
+ tdb, tdb2, and ldap into read only mode. This can be useful
+ e.g. in cases where a pre-filled database exists that should
+ not be extended automatically.
+ </para></listitem>
</varlistentry>
</variablelist>
<para>
The following example illustrates how to configure the <citerefentry>
<refentrytitle>idmap_ad</refentrytitle> <manvolnum>8</manvolnum>
- </citerefentry> for the CORP domain and the
+ </citerefentry> backend for the CORP domain and the
<citerefentry><refentrytitle>idmap_tdb</refentrytitle>
<manvolnum>8</manvolnum></citerefentry> backend for all other
domains. This configuration assumes that the admin of CORP assigns
@@ -53,9 +117,8 @@
</para>
<programlisting>
- idmap backend = tdb
- idmap uid = 1000000-1999999
- idmap gid = 1000000-1999999
+ idmap config * : backend = tdb
+ idmap config * : range = 1000000-1999999
idmap config CORP : backend = ad
idmap config CORP : range = 1000-999999
diff --git a/docs-xml/smbdotconf/winbind/idmapgid.xml b/docs-xml/smbdotconf/winbind/idmapgid.xml
index ef3ae4f..27648a2 100644
--- a/docs-xml/smbdotconf/winbind/idmapgid.xml
+++ b/docs-xml/smbdotconf/winbind/idmapgid.xml
@@ -5,16 +5,13 @@
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<synonym>winbind gid</synonym>
<description>
- <para>The idmap gid parameter specifies the range of group ids
- that are allocated for the purpose of mapping UNX groups to NT group
- SIDs. This range of group ids should have no
- existing local or NIS groups within it as strange conflicts can
- occur otherwise.</para>
-
- <para>See also the <smbconfoption name="idmap backend"/>, and
- <smbconfoption name="idmap config"/> options.
+ <para>
+ The idmap gid parameter specifies the range of group ids
+ for the default idmap configuration. It is now deprecated
+ in favour of <smbconfoption name="idmap config * : range"/>.
</para>
+ <para>See the <smbconfoption name="idmap config"/> option.</para>
</description>
<value type="default"></value>
diff --git a/docs-xml/smbdotconf/winbind/idmapuid.xml b/docs-xml/smbdotconf/winbind/idmapuid.xml
index 2c53817..ce5a4de 100644
--- a/docs-xml/smbdotconf/winbind/idmapuid.xml
+++ b/docs-xml/smbdotconf/winbind/idmapuid.xml
@@ -6,14 +6,12 @@
<synonym>winbind uid</synonym>
<description>
<para>
- The idmap uid parameter specifies the range of user ids that are
- allocated for use in mapping UNIX users to NT user SIDs. This
- range of ids should have no existing local
- or NIS users within it as strange conflicts can occur otherwise.</para>
-
- <para>See also the <smbconfoption name="idmap backend"/> and
- <smbconfoption name="idmap config"/> options.
+ The idmap uid parameter specifies the range of user ids for
+ the default idmap configuration. It is now deprecated in favour
+ of <smbconfoption name="idmap config * : range"/>.
</para>
+
+ <para>See the <smbconfoption name="idmap config"/> option.</para>
</description>
<value type="default"></value>
diff --git a/source3/lib/eventlog/proto.h b/source3/lib/eventlog/proto.h
index 21790d0..d3341ce 100644
--- a/source3/lib/eventlog/proto.h
+++ b/source3/lib/eventlog/proto.h
@@ -1,3 +1,28 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * Eventlog utility routines
+ *
+ * Copyright (C) Marcin Krzysztof Porwit 2005
+ * Copyright (C) Brian Moran 2005
+ * Copyright (C) Gerald (Jerry) Carter 2005
+ * Copyright (C) Guenther Deschner 2009
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef _LIB_EVENTLOG_PROTO_H_
+#define _LIB_EVENTLOG_PROTO_H_
/* The following definitions come from lib/eventlog/eventlog.c */
@@ -33,3 +58,5 @@ NTSTATUS evlog_convert_tdb_to_evt(TALLOC_CTX *mem_ctx,
ELOG_TDB *etdb,
DATA_BLOB *blob_p,
uint32_t *num_records_p);
+
+#endif /* _LIB_EVENTLOG_PROTO_H_ */
--
Samba Shared Repository
More information about the samba-cvs
mailing list