manpagez: man pages & more
man idmap_ad(8)
Home | html | info | man
idmap_ad(8)                                                        idmap_ad(8)




NAME

       idmap_ad - Samba's idmap_ad Backend for Winbind


DESCRIPTION

       The idmap_ad plugin provides a way for Winbind to read id mappings from
       an AD server that  uses  RFC2307/SFU  schema  extensions.  This  module
       implements only the "idmap" API, and is READONLY. Mappings must be pro-
       vided in advance by the administrator by adding the posixAccount/posix-
       Group  classess  and  relative  attribute/value  pairs to the users and
       groups objects in AD


IDMAP OPTIONS

       range = low - high
          Defines the available matching uid and gid range for which the back-
          end is authoritative. Note that the range acts as a filter. If spec-
          ified any UID or GID stored in AD that fall  outside  the  range  is
          ignored  and the corresponding map is discarded. It is intended as a
          way to avoid accidental UID/GID overlaps between local and  remotely
          defined IDs.

       schema_mode = <rfc2307 | sfu >
          Defines  the  schema  that  idmap_ad should use when querying Active
          Directory regarding user and group information. This can either  the
          RFC2307  schema  support  included in Windows 2003 R2 or the Service
          for Unix (SFU) schema.


EXAMPLES

       The following example shows how to retrieve idmappings from our princi-
       pal and and trusted AD domains. All is needed is to set default to yes.
       If trusted domains are present id conflicts must  be  resolved  before-
       hand,  there  is no guarantee on the order confliting mappings would be
       resolved at this point. This example also shows how to  leave  a  small
       non  conflicting  range  for  local  id  allocation that may be used in
       internal backends like BULTIN.


            [global]
            idmap domains = ALLDOMAINS
            idmap config ALLDOMAINS:backend      = ad
            idmap config ALLDOMAINS:default      = yes
            idmap config ALLDOMAINS:range        = 10000 - 300000000

            idmap alloc backend = tdb
            idmap alloc config:range        = 5000 - 9999



AUTHOR

       The original Samba software  and  related  utilities  were  created  by
       Andrew  Tridgell.  Samba  is now developed by the Samba Team as an Open
       Source project similar to the way the Linux kernel is developed.




                                                                   idmap_ad(8)

Mac OS X 10.6 - Generated Thu Sep 17 20:25:56 CDT 2009
© manpagez.com 2000-2024
Individual documents may contain additional copyright information.