| [596] | 1 | '\" t
|
|---|
| [429] | 2 | .\" Title: idmap_ldap
|
|---|
| 3 | .\" Author: [see the "AUTHOR" section]
|
|---|
| [596] | 4 | .\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
|
|---|
| [620] | 5 | .\" Date: 08/02/2011
|
|---|
| [429] | 6 | .\" Manual: System Administration tools
|
|---|
| 7 | .\" Source: Samba 3.5
|
|---|
| 8 | .\" Language: English
|
|---|
| 9 | .\"
|
|---|
| [620] | 10 | .TH "IDMAP_LDAP" "8" "08/02/2011" "Samba 3\&.5" "System Administration tools"
|
|---|
| [429] | 11 | .\" -----------------------------------------------------------------
|
|---|
| 12 | .\" * set default formatting
|
|---|
| 13 | .\" -----------------------------------------------------------------
|
|---|
| 14 | .\" disable hyphenation
|
|---|
| 15 | .nh
|
|---|
| 16 | .\" disable justification (adjust text to left margin only)
|
|---|
| 17 | .ad l
|
|---|
| 18 | .\" -----------------------------------------------------------------
|
|---|
| 19 | .\" * MAIN CONTENT STARTS HERE *
|
|---|
| 20 | .\" -----------------------------------------------------------------
|
|---|
| [596] | 21 | .SH "NAME"
|
|---|
| [429] | 22 | idmap_ldap \- Samba\'s idmap_ldap Backend for Winbind
|
|---|
| 23 | .SH "DESCRIPTION"
|
|---|
| 24 | .PP
|
|---|
| 25 | The idmap_ldap plugin provides a means for Winbind to store and retrieve SID/uid/gid mapping tables in an LDAP directory service\&.
|
|---|
| 26 | .PP
|
|---|
| 27 | In contrast to read only backends like idmap_rid, it is an allocating backend: This means that it needs to allocate new user and group IDs in order to create new mappings\&. The allocator can be provided by the idmap_ldap backend itself or by any other allocating backend like idmap_tdb or idmap_tdb2\&. This is configured with the parameter
|
|---|
| 28 | \fIidmap alloc backend\fR\&.
|
|---|
| 29 | .PP
|
|---|
| 30 | Note that in order for this (or any other allocating) backend to function at all, the default backend needs to be writeable\&. The ranges used for uid and gid allocation are the default ranges configured by "idmap uid" and "idmap gid"\&.
|
|---|
| 31 | .PP
|
|---|
| 32 | Furthermore, since there is only one global allocating backend responsible for all domains using writeable idmap backends, any explicitly configured domain with idmap backend ldap should have the same range as the default range, since it needs to use the global uid / gid allocator\&. See the example below\&.
|
|---|
| 33 | .SH "IDMAP OPTIONS"
|
|---|
| 34 | .PP
|
|---|
| 35 | ldap_base_dn = DN
|
|---|
| 36 | .RS 4
|
|---|
| 37 | Defines the directory base suffix to use when searching for SID/uid/gid mapping entries\&. If not defined, idmap_ldap will default to using the "ldap idmap suffix" option from smb\&.conf\&.
|
|---|
| 38 | .RE
|
|---|
| 39 | .PP
|
|---|
| 40 | ldap_user_dn = DN
|
|---|
| 41 | .RS 4
|
|---|
| 42 | Defines the user DN to be used for authentication\&. If absent an anonymous bind will be performed\&.
|
|---|
| 43 | .RE
|
|---|
| 44 | .PP
|
|---|
| 45 | ldap_url = ldap://server/
|
|---|
| 46 | .RS 4
|
|---|
| 47 | Specifies the LDAP server to use when searching for existing SID/uid/gid map entries\&. If not defined, idmap_ldap will assume that ldap://localhost/ should be used\&.
|
|---|
| 48 | .RE
|
|---|
| |
|---|
