The Samba-Bugzilla – Attachment 6520 Details for
Bug 8058
Documentation on rewritten idmapping
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
idmap manpage patchset for 3.6
idmap-manpage-patchset-v3-6-test.mbox (text/plain), 45.08 KB, created by
Michael Adam
on 2011-06-04 23:29:35 UTC
(
hide
)
Description:
idmap manpage patchset for 3.6
Filename:
MIME Type:
Creator:
Michael Adam
Created:
2011-06-04 23:29:35 UTC
Size:
45.08 KB
patch
obsolete
>From 5068c0239667bf4b0f0768519d98b7d7344b6b42 Mon Sep 17 00:00:00 2001 >From: Luk Claes <luk@debian.org> >Date: Tue, 31 May 2011 00:26:19 +0200 >Subject: [PATCH 01/30] idmap_ad.8: use new syntax in ad backend example > >Signed-off-by: Luk Claes <luk@debian.org> >Signed-off-by: Michael Adam <obnox@samba.org> >--- > docs-xml/manpages-3/idmap_ad.8.xml | 5 ++--- > 1 files changed, 2 insertions(+), 3 deletions(-) > >diff --git a/docs-xml/manpages-3/idmap_ad.8.xml b/docs-xml/manpages-3/idmap_ad.8.xml >index e628f0c..fbadaf2 100644 >--- a/docs-xml/manpages-3/idmap_ad.8.xml >+++ b/docs-xml/manpages-3/idmap_ad.8.xml >@@ -85,9 +85,8 @@ > > <programlisting> > [global] >- idmap backend = tdb >- idmap uid = 1000000-1999999 >- idmap gid = 1000000-1999999 >+ idmap config * : backend = tdb >+ idmap config * : range = 1000000-1999999 > > idmap config CORP : backend = ad > idmap config CORP : range = 1000-999999 >-- >1.7.1 > > >From f2297b3f54cd3b091934b0c6620f3ea7d0f05435 Mon Sep 17 00:00:00 2001 >From: Luk Claes <luk@debian.org> >Date: Tue, 31 May 2011 00:26:20 +0200 >Subject: [PATCH 02/30] idmap_adex.8: Use new syntax in adex backend example > >Signed-off-by: Luk Claes <luk@debian.org> >Signed-off-by: Michael Adam <obnox@samba.org> >--- > docs-xml/manpages-3/idmap_adex.8.xml | 5 ++--- > 1 files changed, 2 insertions(+), 3 deletions(-) > >diff --git a/docs-xml/manpages-3/idmap_adex.8.xml b/docs-xml/manpages-3/idmap_adex.8.xml >index 7349caa..16d12cd 100644 >--- a/docs-xml/manpages-3/idmap_adex.8.xml >+++ b/docs-xml/manpages-3/idmap_adex.8.xml >@@ -66,9 +66,8 @@ > > <programlisting> > [global] >- idmap backend = adex >- idmap uid = 1000-4000000000 >- idmap gid = 1000-4000000000 >+ idmap config * : backend = adex >+ idmap config * : range = 1000-4000000000 > > winbind nss info = adex > winbind normalize names = yes >-- >1.7.1 > > >From ea0f1766a4ddeab5c6cbe15f9f6e2bdb08f3de8d Mon Sep 17 00:00:00 2001 >From: Luk Claes <luk@debian.org> >Date: Tue, 31 May 2011 00:26:21 +0200 >Subject: [PATCH 03/30] idmap_hash.8: Use new syntax for hash backend > >Signed-off-by: Luk Claes <luk@debian.org> >Signed-off-by: Michael Adam <obnox@samba.org> >--- > docs-xml/manpages-3/idmap_hash.8.xml | 5 ++--- > 1 files changed, 2 insertions(+), 3 deletions(-) > >diff --git a/docs-xml/manpages-3/idmap_hash.8.xml b/docs-xml/manpages-3/idmap_hash.8.xml >index 2bbae71..f3ec6a7 100644 >--- a/docs-xml/manpages-3/idmap_hash.8.xml >+++ b/docs-xml/manpages-3/idmap_hash.8.xml >@@ -52,9 +52,8 @@ > > <programlisting> > [global] >- idmap backend = hash >- idmap uid = 1000-4000000000 >- idmap gid = 1000-4000000000 >+ idmap config * : backend = hash >+ idmap config * : range = 1000-4000000000 > > winbind nss info = hash > winbind normalize names = yes >-- >1.7.1 > > >From 5bd444b48ecbb1810b6b6b50c9e47a680063e7cd Mon Sep 17 00:00:00 2001 >From: Luk Claes <luk@debian.org> >Date: Tue, 31 May 2011 00:26:22 +0200 >Subject: [PATCH 04/30] idmap_nss.8: Use new syntax for nss backend > >Signed-off-by: Luk Claes <luk@debian.org> >Signed-off-by: Michael Adam <obnox@samba.org> >--- > docs-xml/manpages-3/idmap_nss.8.xml | 5 ++--- > 1 files changed, 2 insertions(+), 3 deletions(-) > >diff --git a/docs-xml/manpages-3/idmap_nss.8.xml b/docs-xml/manpages-3/idmap_nss.8.xml >index a7fdca0..576eef6 100644 >--- a/docs-xml/manpages-3/idmap_nss.8.xml >+++ b/docs-xml/manpages-3/idmap_nss.8.xml >@@ -38,9 +38,8 @@ > > <programlisting> > [global] >- idmap backend = tdb >- idmap uid = 1000000-1999999 >- idmap gid = 1000000-1999999 >+ idmap config * : backend = tdb >+ idmap config * : range = 1000000-1999999 > > idmap config SAMBA : backend = nss > idmap config SAMBA : range = 1000-999999 >-- >1.7.1 > > >From 8e3b0321c49832e330c5ef91d92e482ae8fc5d21 Mon Sep 17 00:00:00 2001 >From: Luk Claes <luk@debian.org> >Date: Tue, 31 May 2011 00:26:23 +0200 >Subject: [PATCH 05/30] idmap_rid.8: Use new syntax in rid backend example > >Signed-off-by: Luk Claes <luk@debian.org> >Signed-off-by: Michael Adam <obnox@samba.org> >--- > docs-xml/manpages-3/idmap_rid.8.xml | 5 ++--- > 1 files changed, 2 insertions(+), 3 deletions(-) > >diff --git a/docs-xml/manpages-3/idmap_rid.8.xml b/docs-xml/manpages-3/idmap_rid.8.xml >index a2a1c58..a29e978 100644 >--- a/docs-xml/manpages-3/idmap_rid.8.xml >+++ b/docs-xml/manpages-3/idmap_rid.8.xml >@@ -106,9 +106,8 @@ > security = domain > workgroup = MAIN > >- idmap backend = tdb >- idmap uid = 1000000-1999999 >- idmap gid = 1000000-1999999 >+ idmap config * : backend = tdb >+ idmap config * : range = 1000000-1999999 > > idmap config MAIN : backend = rid > idmap config MAIN : range = 10000 - 49999 >-- >1.7.1 > > >From eeff4703e693bbd5eabf087cc080e4711bc75c8e Mon Sep 17 00:00:00 2001 >From: Luk Claes <luk@debian.org> >Date: Tue, 31 May 2011 00:26:24 +0200 >Subject: [PATCH 06/30] idmap_autorid.8: Use new syntax in autorid backend examples > >Signed-off-by: Luk Claes <luk@debian.org> >Signed-off-by: Michael Adam <obnox@samba.org> >--- > docs-xml/manpages-3/idmap_autorid.8.xml | 10 ++++------ > 1 files changed, 4 insertions(+), 6 deletions(-) > >diff --git a/docs-xml/manpages-3/idmap_autorid.8.xml b/docs-xml/manpages-3/idmap_autorid.8.xml >index 38790ea..054ac6f 100644 >--- a/docs-xml/manpages-3/idmap_autorid.8.xml >+++ b/docs-xml/manpages-3/idmap_autorid.8.xml >@@ -88,9 +88,8 @@ > workgroup = CUSTOMER > realm = CUSTOMER.COM > >- idmap backend = autorid >- idmap uid = 1000000-1999999 >- idmap gid = 1000000-1999999 >+ idmap config * : backend = autorid >+ idmap config * : range = 1000000-1999999 > > </programlisting> > >@@ -108,10 +107,9 @@ > workgroup = CUSTOMER > realm = CUSTOMER.COM > >- idmap backend = autorid >+ idmap config * : backend = autorid >+ idmap config * : range = 1000000-19999999 > autorid:rangesize = 1000000 >- idmap uid = 1000000-19999999 >- idmap gid = 1000000-19999999 > > idmap config TRUSTED : backend = ad > idmap config TRUSTED : range = 50000 - 99999 >-- >1.7.1 > > >From 2e0c61ab34051feb3880c197196a528acb8ddb7b Mon Sep 17 00:00:00 2001 >From: Luk Claes <luk@debian.org> >Date: Tue, 31 May 2011 00:26:25 +0200 >Subject: [PATCH 07/30] idmap_autorid.8: Avoid confusion with idmap uid and idmap gid options > >Signed-off-by: Luk Claes <luk@debian.org> >Signed-off-by: Michael Adam <obnox@samba.org> >--- > docs-xml/manpages-3/idmap_autorid.8.xml | 2 +- > 1 files changed, 1 insertions(+), 1 deletions(-) > >diff --git a/docs-xml/manpages-3/idmap_autorid.8.xml b/docs-xml/manpages-3/idmap_autorid.8.xml >index 054ac6f..ac66384 100644 >--- a/docs-xml/manpages-3/idmap_autorid.8.xml >+++ b/docs-xml/manpages-3/idmap_autorid.8.xml >@@ -97,7 +97,7 @@ > This example shows how to configure idmap_autorid as default > for all domains with a potentially large amount of users > plus a specific configuration for a trusted domain >- that uses the SFU mapping scheme. Please note that idmap uid/gid >+ that uses the SFU mapping scheme. Please note that idmap > ranges and sfu ranges are not allowed to overlap. > </para> > >-- >1.7.1 > > >From bbe790994dc606f33eb62bf6b458587e8eece1d4 Mon Sep 17 00:00:00 2001 >From: Luk Claes <luk@debian.org> >Date: Tue, 31 May 2011 00:26:26 +0200 >Subject: [PATCH 08/30] wbinfo.1: Avoid confusion with idmap uid option > >Signed-off-by: Luk Claes <luk@debian.org> >Signed-off-by: Michael Adam <obnox@samba.org> >--- > docs-xml/manpages-3/wbinfo.1.xml | 2 +- > 1 files changed, 1 insertions(+), 1 deletions(-) > >diff --git a/docs-xml/manpages-3/wbinfo.1.xml b/docs-xml/manpages-3/wbinfo.1.xml >index c1b2c1f..0701d08 100644 >--- a/docs-xml/manpages-3/wbinfo.1.xml >+++ b/docs-xml/manpages-3/wbinfo.1.xml >@@ -423,7 +423,7 @@ > <term>-U|--uid-to-sid <replaceable>uid</replaceable></term> > <listitem><para>Try to convert a UNIX user id to a Windows NT > SID. If the uid specified does not refer to one within >- the idmap uid range then the operation will fail. </para></listitem> >+ the idmap range then the operation will fail. </para></listitem> > </varlistentry> > > <varlistentry> >-- >1.7.1 > > >From 69b85592ac533a7022024aa1496d0a7a2756414b Mon Sep 17 00:00:00 2001 >From: Luk Claes <luk@debian.org> >Date: Tue, 31 May 2011 00:26:27 +0200 >Subject: [PATCH 09/30] winbindd.8: Use new syntax in example > >Signed-off-by: Luk Claes <luk@debian.org> >Signed-off-by: Michael Adam <obnox@samba.org> >--- > docs-xml/manpages-3/winbindd.8.xml | 3 +-- > 1 files changed, 1 insertions(+), 2 deletions(-) > >diff --git a/docs-xml/manpages-3/winbindd.8.xml b/docs-xml/manpages-3/winbindd.8.xml >index c9fd4d8..78b7b9a 100644 >--- a/docs-xml/manpages-3/winbindd.8.xml >+++ b/docs-xml/manpages-3/winbindd.8.xml >@@ -340,8 +340,7 @@ auth required /lib/security/pam_unix.so \ > winbind cache time = 10 > template shell = /bin/bash > template homedir = /home/%D/%U >- idmap uid = 10000-20000 >- idmap gid = 10000-20000 >+ idmap config * : range = 10000-20000 > workgroup = DOMAIN > security = domain > password server = * >-- >1.7.1 > > >From 891e1800a966bfe5b338826db829c2d34294b4bb Mon Sep 17 00:00:00 2001 >From: Luk Claes <luk@debian.org> >Date: Tue, 31 May 2011 00:26:28 +0200 >Subject: [PATCH 10/30] idmap_tdb2.8: Use new syntax in example > >Signed-off-by: Luk Claes <luk@debian.org> >Signed-off-by: Michael Adam <obnox@samba.org> >--- > docs-xml/manpages-3/idmap_tdb2.8.xml | 5 ++--- > 1 files changed, 2 insertions(+), 3 deletions(-) > >diff --git a/docs-xml/manpages-3/idmap_tdb2.8.xml b/docs-xml/manpages-3/idmap_tdb2.8.xml >index a5d1080..3be4f30 100644 >--- a/docs-xml/manpages-3/idmap_tdb2.8.xml >+++ b/docs-xml/manpages-3/idmap_tdb2.8.xml >@@ -113,9 +113,8 @@ > > <programlisting> > [global] >- idmap backend = tdb2 >- idmap uid = 1000000-2000000 >- idmap gid = 1000000-2000000 >+ idmap config * : backend = tdb2 >+ idmap config * : range = 1000000-2000000 > </programlisting> > </refsect1> > >-- >1.7.1 > > >From b6c5ed20ba84f7c91c5cb00f12b158e31276cda5 Mon Sep 17 00:00:00 2001 >From: Luk Claes <luk@debian.org> >Date: Tue, 31 May 2011 00:26:29 +0200 >Subject: [PATCH 11/30] idmap_tdb2.8: Remove part about alloc backend > >Signed-off-by: Luk Claes <luk@debian.org> >Signed-off-by: Michael Adam <obnox@samba.org> >--- > docs-xml/manpages-3/idmap_tdb2.8.xml | 20 +------------------- > 1 files changed, 1 insertions(+), 19 deletions(-) > >diff --git a/docs-xml/manpages-3/idmap_tdb2.8.xml b/docs-xml/manpages-3/idmap_tdb2.8.xml >index 3be4f30..b4a46f8 100644 >--- a/docs-xml/manpages-3/idmap_tdb2.8.xml >+++ b/docs-xml/manpages-3/idmap_tdb2.8.xml >@@ -28,25 +28,7 @@ > <para> > In contrast to read only backends like idmap_rid, it is an allocating > backend: This means that it needs to allocate new user and group IDs in >- order to create new mappings. The allocator can be provided by the >- idmap_tdb2 backend itself or by any other allocating backend like >- idmap_tdb or idmap_ldap. This is configured with the >- parameter <parameter>idmap alloc backend</parameter>. >- </para> >- >- <para> >- Note that in order for this (or any other allocating) backend to >- function at all, the default backend needs to be writeable. >- The ranges used for uid and gid allocation are the default ranges >- configured by "idmap uid" and "idmap gid". >- </para> >- >- <para> >- Furthermore, since there is only one global allocating backend >- responsible for all domains using writeable idmap backends, >- any explicitly configured domain with idmap backend tdb2 >- should have the same range as the default range, since it needs >- to use the global uid / gid allocator. See the example below. >+ order to create new mappings. > </para> > </refsynopsisdiv> > >-- >1.7.1 > > >From 6108092f3971f9c6a38ae8a103f4317ad3cb3f80 Mon Sep 17 00:00:00 2001 >From: Luk Claes <luk@debian.org> >Date: Tue, 31 May 2011 00:26:30 +0200 >Subject: [PATCH 12/30] idmap_tdb2.8: Avoid confusion with idmap uid and idmap gid options > >Signed-off-by: Luk Claes <luk@debian.org> >Signed-off-by: Michael Adam <obnox@samba.org> >--- > docs-xml/manpages-3/idmap_tdb2.8.xml | 2 +- > 1 files changed, 1 insertions(+), 1 deletions(-) > >diff --git a/docs-xml/manpages-3/idmap_tdb2.8.xml b/docs-xml/manpages-3/idmap_tdb2.8.xml >index b4a46f8..2c4e523 100644 >--- a/docs-xml/manpages-3/idmap_tdb2.8.xml >+++ b/docs-xml/manpages-3/idmap_tdb2.8.xml >@@ -90,7 +90,7 @@ > <para> > This example shows how tdb2 is used as a the default idmap backend. > It configures the idmap range through the global options for all >- domains encountered. This same range is used for uid/gid allocation. >+ domains encountered. > </para> > > <programlisting> >-- >1.7.1 > > >From 6e2f8c92cd0f64df17fa526489750e1a6d1a9c3c Mon Sep 17 00:00:00 2001 >From: Luk Claes <luk@debian.org> >Date: Tue, 31 May 2011 00:26:31 +0200 >Subject: [PATCH 13/30] idmap_tdb2.8: Remove mentioning of deprecated idmap uid and idmap gid options as fallback > >Signed-off-by: Luk Claes <luk@debian.org> >Signed-off-by: Michael Adam <obnox@samba.org> >--- > docs-xml/manpages-3/idmap_tdb2.8.xml | 3 --- > 1 files changed, 0 insertions(+), 3 deletions(-) > >diff --git a/docs-xml/manpages-3/idmap_tdb2.8.xml b/docs-xml/manpages-3/idmap_tdb2.8.xml >index 2c4e523..980ffe6 100644 >--- a/docs-xml/manpages-3/idmap_tdb2.8.xml >+++ b/docs-xml/manpages-3/idmap_tdb2.8.xml >@@ -41,9 +41,6 @@ > <listitem><para> > Defines the available matching uid and gid range for which the > backend is authoritative. >- If the parameter is absent, Winbind fails over to use >- the "idmap uid" and "idmap gid" options >- from smb.conf. > </para></listitem> > </varlistentry> > </variablelist> >-- >1.7.1 > > >From 69a66130ad01a72e27c5c605ee2be7a5c368671a Mon Sep 17 00:00:00 2001 >From: Luk Claes <luk@debian.org> >Date: Tue, 31 May 2011 00:26:32 +0200 >Subject: [PATCH 14/30] idmap_ldap.8: Rework example to use new idmap syntax > >Signed-off-by: Luk Claes <luk@debian.org> >Signed-off-by: Michael Adam <obnox@samba.org> >--- > docs-xml/manpages-3/idmap_ldap.8.xml | 17 +++++++---------- > 1 files changed, 7 insertions(+), 10 deletions(-) > >diff --git a/docs-xml/manpages-3/idmap_ldap.8.xml b/docs-xml/manpages-3/idmap_ldap.8.xml >index e3588b9..bd955b8 100644 >--- a/docs-xml/manpages-3/idmap_ldap.8.xml >+++ b/docs-xml/manpages-3/idmap_ldap.8.xml >@@ -128,20 +128,17 @@ > <title>EXAMPLES</title> > > <para> >- The follow sets of a LDAP configuration which uses two LDAP >- directories, one for storing the ID mappings and one for retrieving >- new IDs. >+ The following example shows how an ldap directory is used as the >+ default idmap backend. It also configures the idmap range and base >+ directory suffix. > </para> > > <programlisting> > [global] >- idmap backend = ldap:ldap://localhost/ >- idmap uid = 1000000-1999999 >- idmap gid = 1000000-1999999 >- >- idmap alloc backend = ldap >- idmap alloc config : ldap_url = ldap://id-master/ >- idmap alloc config : ldap_base_dn = ou=idmap,dc=example,dc=com >+ idmap config * : backend = ldap >+ idmap config * : range = 1000000-1999999 >+ idmap config * : ldap_url = ldap://localhost/ >+ idmap config * : ldap_base_dn = ou=idmap,dc=example,dc=com > </programlisting> > </refsect1> > >-- >1.7.1 > > >From 48f8c0c8f60fe05a6a8138ef9dbc5602acc87ab9 Mon Sep 17 00:00:00 2001 >From: Luk Claes <luk@debian.org> >Date: Tue, 31 May 2011 00:26:33 +0200 >Subject: [PATCH 15/30] idmap_ldap.8: Remove references to idmap alloc backend > >Signed-off-by: Luk Claes <luk@debian.org> >Signed-off-by: Michael Adam <obnox@samba.org> >--- > docs-xml/manpages-3/idmap_ldap.8.xml | 51 +--------------------------------- > 1 files changed, 1 insertions(+), 50 deletions(-) > >diff --git a/docs-xml/manpages-3/idmap_ldap.8.xml b/docs-xml/manpages-3/idmap_ldap.8.xml >index bd955b8..c1fdb46 100644 >--- a/docs-xml/manpages-3/idmap_ldap.8.xml >+++ b/docs-xml/manpages-3/idmap_ldap.8.xml >@@ -27,26 +27,9 @@ > <para> > In contrast to read only backends like idmap_rid, it is an allocating > backend: This means that it needs to allocate new user and group IDs in >- order to create new mappings. The allocator can be provided by the >- idmap_ldap backend itself or by any other allocating backend like >- idmap_tdb or idmap_tdb2. This is configured with the >- parameter <parameter>idmap alloc backend</parameter>. >+ order to create new mappings. > </para> > >- <para> >- Note that in order for this (or any other allocating) backend to >- function at all, the default backend needs to be writeable. >- The ranges used for uid and gid allocation are the default ranges >- configured by "idmap uid" and "idmap gid". >- </para> >- >- <para> >- Furthermore, since there is only one global allocating backend >- responsible for all domains using writeable idmap backends, >- any explicitly configured domain with idmap backend ldap >- should have the same range as the default range, since it needs >- to use the global uid / gid allocator. See the example below. >- </para> > </refsynopsisdiv> > > <refsect1> >@@ -93,38 +76,6 @@ > </refsect1> > > <refsect1> >- <title>IDMAP ALLOC OPTIONS</title> >- >- <variablelist> >- <varlistentry> >- <term>ldap_base_dn = DN</term> >- <listitem><para> >- Defines the directory base suffix under which new SID/uid/gid mapping >- entries should be stored. If not defined, idmap_ldap will default >- to using the "ldap idmap suffix" option from smb.conf. >- </para></listitem> >- </varlistentry> >- >- <varlistentry> >- <term>ldap_user_dn = DN</term> >- <listitem><para> >- Defines the user DN to be used for authentication. If absent an >- anonymous bind will be performed. >- </para></listitem> >- </varlistentry> >- >- <varlistentry> >- <term>ldap_url = ldap://server/</term> >- <listitem><para> >- Specifies the LDAP server to which modify/add/delete requests should >- be sent. If not defined, idmap_ldap will assume that ldap://localhost/ >- should be used. >- </para></listitem> >- </varlistentry> >- </variablelist> >-</refsect1> >- >-<refsect1> > <title>EXAMPLES</title> > > <para> >-- >1.7.1 > > >From 0da16abd06fe544747134a6c44d595f78be7a8be Mon Sep 17 00:00:00 2001 >From: Luk Claes <luk@debian.org> >Date: Tue, 31 May 2011 00:26:34 +0200 >Subject: [PATCH 16/30] idmap_ldap.8: Backend is not only used for searching > >Signed-off-by: Luk Claes <luk@debian.org> >Signed-off-by: Michael Adam <obnox@samba.org> >--- > docs-xml/manpages-3/idmap_ldap.8.xml | 4 ++-- > 1 files changed, 2 insertions(+), 2 deletions(-) > >diff --git a/docs-xml/manpages-3/idmap_ldap.8.xml b/docs-xml/manpages-3/idmap_ldap.8.xml >index c1fdb46..2041964 100644 >--- a/docs-xml/manpages-3/idmap_ldap.8.xml >+++ b/docs-xml/manpages-3/idmap_ldap.8.xml >@@ -39,7 +39,7 @@ > <varlistentry> > <term>ldap_base_dn = DN</term> > <listitem><para> >- Defines the directory base suffix to use when searching for >+ Defines the directory base suffix to use for > SID/uid/gid mapping entries. If not defined, idmap_ldap will default > to using the "ldap idmap suffix" option from smb.conf. > </para></listitem> >@@ -56,7 +56,7 @@ > <varlistentry> > <term>ldap_url = ldap://server/</term> > <listitem><para> >- Specifies the LDAP server to use when searching for existing >+ Specifies the LDAP server to use for > SID/uid/gid map entries. If not defined, idmap_ldap will > assume that ldap://localhost/ should be used. > </para></listitem> >-- >1.7.1 > > >From 78bbd49553099df4987ecd6df42fe615380e7a8f Mon Sep 17 00:00:00 2001 >From: Luk Claes <luk@debian.org> >Date: Tue, 31 May 2011 00:26:35 +0200 >Subject: [PATCH 17/30] idmap_ldap.8: Remove reference to idmap uid and idmap gid options as fallback > >Signed-off-by: Luk Claes <luk@debian.org> >Signed-off-by: Michael Adam <obnox@samba.org> >--- > docs-xml/manpages-3/idmap_ldap.8.xml | 3 --- > 1 files changed, 0 insertions(+), 3 deletions(-) > >diff --git a/docs-xml/manpages-3/idmap_ldap.8.xml b/docs-xml/manpages-3/idmap_ldap.8.xml >index 2041964..4cbfe84 100644 >--- a/docs-xml/manpages-3/idmap_ldap.8.xml >+++ b/docs-xml/manpages-3/idmap_ldap.8.xml >@@ -67,9 +67,6 @@ > <listitem><para> > Defines the available matching uid and gid range for which the > backend is authoritative. >- If the parameter is absent, Winbind fails over to use the >- "idmap uid" and "idmap gid" options >- from smb.conf. > </para></listitem> > </varlistentry> > </variablelist> >-- >1.7.1 > > >From 212f20a86831383da6caa8787ed49e81f82a4664 Mon Sep 17 00:00:00 2001 >From: Luk Claes <luk@debian.org> >Date: Tue, 31 May 2011 00:26:36 +0200 >Subject: [PATCH 18/30] idmap_tdb.8: Use new idmap syntax in examples > >Signed-off-by: Luk Claes <luk@debian.org> >Signed-off-by: Michael Adam <obnox@samba.org> >--- > docs-xml/manpages-3/idmap_tdb.8.xml | 13 +++++-------- > 1 files changed, 5 insertions(+), 8 deletions(-) > >diff --git a/docs-xml/manpages-3/idmap_tdb.8.xml b/docs-xml/manpages-3/idmap_tdb.8.xml >index 06a2967..90d797f 100644 >--- a/docs-xml/manpages-3/idmap_tdb.8.xml >+++ b/docs-xml/manpages-3/idmap_tdb.8.xml >@@ -77,10 +77,9 @@ > > <programlisting> > [global] >- # "idmap backend = tdb" is redundant here since it is the default >- idmap backend = tdb >- idmap uid = 1000000-2000000 >- idmap gid = 1000000-2000000 >+ # "backend = tdb" is redundant here since it is the default >+ idmap config * : backend = tdb >+ idmap config * : range = 1000000-2000000 > </programlisting> > > <para> >@@ -95,11 +94,9 @@ > > <programlisting> > [global] >- idmap backend = ldap >- idmap uid = 1000000-2000000 >- idmap gid = 1000000-2000000 >+ idmap config * : backend = ldap >+ idmap config * : range = 1000000-2000000 > # use a different uid/gid allocator: >- idmap alloc backend = tdb > > idmap config DOM1 : backend = tdb > idmap config DOM1 : range = 1000000-2000000 >-- >1.7.1 > > >From db25b18b219ad00c3286c8f0fdbbe2d753178ab4 Mon Sep 17 00:00:00 2001 >From: Luk Claes <luk@debian.org> >Date: Tue, 31 May 2011 00:26:37 +0200 >Subject: [PATCH 19/30] idmap_tdb.8: Remove references to alloc backend > >Signed-off-by: Luk Claes <luk@debian.org> >Signed-off-by: Michael Adam <obnox@samba.org> >--- > docs-xml/manpages-3/idmap_tdb.8.xml | 20 +------------------- > 1 files changed, 1 insertions(+), 19 deletions(-) > >diff --git a/docs-xml/manpages-3/idmap_tdb.8.xml b/docs-xml/manpages-3/idmap_tdb.8.xml >index 90d797f..b58bdf5 100644 >--- a/docs-xml/manpages-3/idmap_tdb.8.xml >+++ b/docs-xml/manpages-3/idmap_tdb.8.xml >@@ -27,25 +27,7 @@ > <para> > In contrast to read only backends like idmap_rid, it is an allocating > backend: This means that it needs to allocate new user and group IDs in >- order to create new mappings. The allocator can be provided by the >- idmap_tdb backend itself or by any other allocating backend like >- idmap_ldap or idmap_tdb2. This is configured with the >- parameter <parameter>idmap alloc backend</parameter>. >- </para> >- >- <para> >- Note that in order for this (or any other allocating) backend to >- function at all, the default backend needs to be writeable. >- The ranges used for uid and gid allocation are the default ranges >- configured by "idmap uid" and "idmap gid". >- </para> >- >- <para> >- Furthermore, since there is only one global allocating backend >- responsible for all domains using writeable idmap backends, >- any explicitly configured domain with idmap backend tdb >- should have the same range as the default range, since it needs >- to use the global uid / gid allocator. See the example below. >+ order to create new mappings. > </para> > </refsynopsisdiv> > >-- >1.7.1 > > >From 38f56472e28cd03bd6d255891e003090b3c82025 Mon Sep 17 00:00:00 2001 >From: Luk Claes <luk@debian.org> >Date: Tue, 31 May 2011 00:26:38 +0200 >Subject: [PATCH 20/30] idmap_tdb.8: Remove reference to idmap uid and idmap gid options as fallback > >Signed-off-by: Luk Claes <luk@debian.org> >Signed-off-by: Michael Adam <obnox@samba.org> >--- > docs-xml/manpages-3/idmap_tdb.8.xml | 3 --- > 1 files changed, 0 insertions(+), 3 deletions(-) > >diff --git a/docs-xml/manpages-3/idmap_tdb.8.xml b/docs-xml/manpages-3/idmap_tdb.8.xml >index b58bdf5..cd024e8 100644 >--- a/docs-xml/manpages-3/idmap_tdb.8.xml >+++ b/docs-xml/manpages-3/idmap_tdb.8.xml >@@ -40,9 +40,6 @@ > <listitem><para> > Defines the available matching uid and gid range for which the > backend is authoritative. >- If the parameter is absent, Winbind fails over to use >- the "idmap uid" and "idmap gid" options >- from smb.conf. > </para></listitem> > </varlistentry> > </variablelist> >-- >1.7.1 > > >From f25e006e4aaf58431043192fa9234745549ee2d0 Mon Sep 17 00:00:00 2001 >From: Luk Claes <luk@debian.org> >Date: Tue, 31 May 2011 00:26:39 +0200 >Subject: [PATCH 21/30] winbindd.8: Fix typo > >Signed-off-by: Luk Claes <luk@debian.org> >Signed-off-by: Michael Adam <obnox@samba.org> > >Autobuild-User: Michael Adam <obnox@samba.org> >Autobuild-Date: Tue May 31 02:56:52 CEST 2011 on sn-devel-104 >--- > docs-xml/manpages-3/winbindd.8.xml | 2 +- > 1 files changed, 1 insertions(+), 1 deletions(-) > >diff --git a/docs-xml/manpages-3/winbindd.8.xml b/docs-xml/manpages-3/winbindd.8.xml >index 78b7b9a..c46371e 100644 >--- a/docs-xml/manpages-3/winbindd.8.xml >+++ b/docs-xml/manpages-3/winbindd.8.xml >@@ -45,7 +45,7 @@ > <para>Even if winbind is not used for nsswitch, it still provides a > service to <command>smbd</command>, <command>ntlm_auth</command> > and the <command>pam_winbind.so</command> PAM module, by managing connections to >- domain controllers. In this configuraiton the >+ domain controllers. In this configuration the > <smbconfoption name="idmap uid"/> and > <smbconfoption name="idmap gid"/> > parameters are not required. (This is known as `netlogon proxy only mode'.)</para> >-- >1.7.1 > > >From 0fd7a95655244981a20e678ce3765e03a6c4694e Mon Sep 17 00:00:00 2001 >From: Michael Adam <obnox@samba.org> >Date: Tue, 31 May 2011 10:03:18 +0200 >Subject: [PATCH 22/30] s3:doc: update documentation of the "idmap config FOO : BAR" familiy of parameters > >--- > docs-xml/smbdotconf/winbind/idmapconfig.xml | 103 +++++++++++++++++++++----- > 1 files changed, 83 insertions(+), 20 deletions(-) > >diff --git a/docs-xml/smbdotconf/winbind/idmapconfig.xml b/docs-xml/smbdotconf/winbind/idmapconfig.xml >index f6e97b9..69bddf0 100644 >--- a/docs-xml/smbdotconf/winbind/idmapconfig.xml >+++ b/docs-xml/smbdotconf/winbind/idmapconfig.xml >@@ -6,44 +6,108 @@ > <description> > > <para> >- The idmap config prefix provides a means of managing each trusted >- domain separately. The idmap config prefix should be followed by the >- name of the domain, a colon, and a setting specific to the chosen >- backend. There are three options available for all domains: >+ ID mapping in Samba is the mapping between Windows SIDs and Unix user >+ and group IDs. This is performed by Winbindd with a configurable plugin >+ interface. Samba's ID mapping is configured by options starting with the >+ <smbconfoption name="idmap config"/> prefix. >+ An idmap option consists of the <smbconfoption name="idmap config"/> >+ prefix, followed by a domain name or the asterisk character (*), >+ a colon, and the name of an idmap setting for the chosen domain. > </para> > >- <variablelist> >+ <para> >+ The idmap configuration is hence divided into groups, one group >+ for each domain to be configured, and one group with the the >+ asterisk instead of a proper domain name, which speifies the >+ default configuration that is used to catch all domains that do >+ not have an explicit idmap configuration of their own. >+ </para> >+ >+ <para> >+ There are three general options available: >+ </para> >+ >+ <variablelist> > <varlistentry> > <term>backend = backend_name</term> > <listitem><para> >- Specifies the name of the idmap plugin to use as the >- SID/uid/gid backend for this domain. >+ This specifies the name of the idmap plugin to use as the >+ SID/uid/gid backend for this domain. The standard backends are >+ tdb >+ (<citerefentry><refentrytitle>idmap_tdb</refentrytitle> <manvolnum>8</manvolnum> </citerefentry>), >+ tdb2 >+ (<citerefentry><refentrytitle>idmap_tdb2</refentrytitle> <manvolnum>8</manvolnum></citerefentry>), >+ ldap >+ (<citerefentry><refentrytitle>idmap_ldap</refentrytitle> <manvolnum>8</manvolnum></citerefentry>), >+ , >+ rid >+ (<citerefentry><refentrytitle>idmap_rid</refentrytitle> <manvolnum>8</manvolnum></citerefentry>), >+ , >+ hash >+ (<citerefentry><refentrytitle>idmap_hash</refentrytitle> <manvolnum>8</manvolnum></citerefentry>), >+ , >+ autorid >+ (<citerefentry><refentrytitle>idmap_autorid</refentrytitle> <manvolnum>8</manvolnum></citerefentry>), >+ , >+ ad >+ (<citerefentry><refentrytitle>idmap_ad</refentrytitle> <manvolnum>8</manvolnum></citerefentry>), >+ , >+ adex >+ (<citerefentry><refentrytitle>idmap_adex</refentrytitle> <manvolnum>8</manvolnum></citerefentry>), >+ , >+ and nss. >+ (<citerefentry><refentrytitle>idmap_nss</refentrytitle> <manvolnum>8</manvolnum></citerefentry>), >+ The corresponding manual pages contain the details, but >+ here is a summary. >+ </para> >+ <para> >+ The first three of these create mappings of their own using >+ internal unixid counters and store the mappings in a database. >+ These are suitable for use in the default idmap configuration. >+ The rid and hash backends use a pure algorithmic calculation >+ to determine the unixid for a SID. The autorid module is a >+ mixture of the tdb and rid backend. It creates ranges for >+ each domain encountered and then uses the rid algorithm for each >+ of these automatically configured domains individually. >+ The ad and adex >+ backends both use unix IDs stored in Active Directory via >+ the standard schema extensions. The nss backend reverses >+ the standard winbindd setup and gets the unixids via names >+ from nsswitch which can be useful in an ldap setup. > </para></listitem> > </varlistentry> > > <varlistentry> > <term>range = low - high</term> >- <listitem><para> >+ <listitem><para> > Defines the available matching uid and gid range for which the >- backend is authoritative. Note that the range commonly >- matches the allocation range due to the fact that the same >- backend will store and retrieve SID/uid/gid mapping entries. >- </para> >+ backend is authoritative. For allocating backends, this also >+ defines the start and the end of the range for allocating >+ new unid IDs. >+ </para> > <para> > winbind uses this parameter to find the backend that is >- authoritative for a unix ID to SID mapping, so it must be set >- for each individually configured domain, and it must be >- disjoint from the ranges set via <smbconfoption name="idmap >- uid"/> and <smbconfoption name="idmap gid"/>. >+ authoritative for a unix ID to SID mapping, so it must be set >+ for each individually configured domain and for the default >+ configuration. The configured ranges must be mutually disjoint. > </para></listitem> >+ </varlistentry> > >+ <varlistentry> >+ <term>read only = yes|no</term> >+ <listitem><para> >+ This option can be used to turn the writing backends >+ tdb, tdb2, and ldap into read only mode. This can be useful >+ e.g. in cases where a pre-filled database exists that should >+ not be extended automatically. >+ </para></listitem> > </varlistentry> > </variablelist> > > <para> > The following example illustrates how to configure the <citerefentry> > <refentrytitle>idmap_ad</refentrytitle> <manvolnum>8</manvolnum> >- </citerefentry> for the CORP domain and the >+ </citerefentry> backend for the CORP domain and the > <citerefentry><refentrytitle>idmap_tdb</refentrytitle> > <manvolnum>8</manvolnum></citerefentry> backend for all other > domains. This configuration assumes that the admin of CORP assigns >@@ -53,9 +117,8 @@ > </para> > > <programlisting> >- idmap backend = tdb >- idmap uid = 1000000-1999999 >- idmap gid = 1000000-1999999 >+ idmap config * : backend = tdb >+ idmap config * : range = 1000000-1999999 > > idmap config CORP : backend = ad > idmap config CORP : range = 1000-999999 >-- >1.7.1 > > >From 323fb6cadb2b614000c51fefeab4908b312cb519 Mon Sep 17 00:00:00 2001 >From: Michael Adam <obnox@samba.org> >Date: Tue, 31 May 2011 10:07:59 +0200 >Subject: [PATCH 23/30] s3:doc: document "idmap backend" as deprecated. > >--- > docs-xml/smbdotconf/winbind/idmapbackend.xml | 35 +------------------------ > 1 files changed, 2 insertions(+), 33 deletions(-) > >diff --git a/docs-xml/smbdotconf/winbind/idmapbackend.xml b/docs-xml/smbdotconf/winbind/idmapbackend.xml >index 824476f..bd96dfe 100644 >--- a/docs-xml/smbdotconf/winbind/idmapbackend.xml >+++ b/docs-xml/smbdotconf/winbind/idmapbackend.xml >@@ -11,39 +11,8 @@ > > <para> > This option specifies the default backend that is used when no special >- configuration set by <smbconfoption name="idmap config"/> matches the >- specific request. >- </para> >- >- <para> >- This default backend also specifies the place where winbind-generated >- idmap entries will be stored. So it is highly recommended that you >- specify a writable backend like <citerefentry> >- <refentrytitle>idmap_tdb</refentrytitle> <manvolnum>8</manvolnum> >- </citerefentry> or <citerefentry> >- <refentrytitle>idmap_ldap</refentrytitle> <manvolnum>8</manvolnum> >- </citerefentry> as the idmap backend. The <citerefentry> >- <refentrytitle>idmap_rid</refentrytitle> <manvolnum>8</manvolnum> >- </citerefentry> and <citerefentry> >- <refentrytitle>idmap_ad</refentrytitle> <manvolnum>8</manvolnum> >- </citerefentry> backends are not writable and thus will generate >- unexpected results if set as idmap backend. >- </para> >- >- <para> >- To use the rid and ad backends, please specify them via the >- <smbconfoption name="idmap config"/> parameter, possibly also for the >- domain your machine is member of, specified by <smbconfoption >- name="workgroup"/>. >- </para> >- >- <para>Examples of SID/uid/gid backends include tdb (<citerefentry> >- <refentrytitle>idmap_tdb</refentrytitle><manvolnum>8</manvolnum></citerefentry>), >- ldap (<citerefentry><refentrytitle>idmap_ldap</refentrytitle> >- <manvolnum>8</manvolnum></citerefentry>), rid (<citerefentry> >- <refentrytitle>idmap_rid</refentrytitle><manvolnum>8</manvolnum></citerefentry>), >- and ad (<citerefentry><refentrytitle>idmap_ad</refentrytitle> >- <manvolnum>8</manvolnum></citerefentry>). >+ configuration set, but it is now deprecated in favour of the new >+ spelling <smbconfoption name="idmap config * : backend"/>. > </para> > </description> > >-- >1.7.1 > > >From 571d7744d36731df68eae63158caed7d1dd8a749 Mon Sep 17 00:00:00 2001 >From: Michael Adam <obnox@samba.org> >Date: Tue, 31 May 2011 10:08:44 +0200 >Subject: [PATCH 24/30] s3:doc: remove the documentation of "idmap alloc backend", which has been removed > >--- > docs-xml/smbdotconf/winbind/idmapallocconfig.xml | 14 -------------- > 1 files changed, 0 insertions(+), 14 deletions(-) > delete mode 100644 docs-xml/smbdotconf/winbind/idmapallocconfig.xml > >diff --git a/docs-xml/smbdotconf/winbind/idmapallocconfig.xml b/docs-xml/smbdotconf/winbind/idmapallocconfig.xml >deleted file mode 100644 >index 0139041..0000000 >--- a/docs-xml/smbdotconf/winbind/idmapallocconfig.xml >+++ /dev/null >@@ -1,14 +0,0 @@ >-<samba:parameter name="idmap alloc config" >- context="G" >- type="string" >- advanced="1" developer="1" hide="1" >- xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> >-<description> >- <para> >- The idmap alloc config prefix provides a means of managing settings >- for the backend defined by the <smbconfoption name="idmap alloc backend"/> >- parameter. Refer to the man page for each idmap plugin regarding >- specific configuration details. >- </para> >-</description> >-</samba:parameter> >-- >1.7.1 > > >From 6133489051862e04692089ab7f2eba5b15df9be5 Mon Sep 17 00:00:00 2001 >From: Michael Adam <obnox@samba.org> >Date: Tue, 31 May 2011 10:29:08 +0200 >Subject: [PATCH 25/30] s3:doc: document "idmap uid" as deprecated. > >--- > docs-xml/smbdotconf/winbind/idmapuid.xml | 12 +++++------- > 1 files changed, 5 insertions(+), 7 deletions(-) > >diff --git a/docs-xml/smbdotconf/winbind/idmapuid.xml b/docs-xml/smbdotconf/winbind/idmapuid.xml >index 2c53817..ce5a4de 100644 >--- a/docs-xml/smbdotconf/winbind/idmapuid.xml >+++ b/docs-xml/smbdotconf/winbind/idmapuid.xml >@@ -6,14 +6,12 @@ > <synonym>winbind uid</synonym> > <description> > <para> >- The idmap uid parameter specifies the range of user ids that are >- allocated for use in mapping UNIX users to NT user SIDs. This >- range of ids should have no existing local >- or NIS users within it as strange conflicts can occur otherwise.</para> >- >- <para>See also the <smbconfoption name="idmap backend"/> and >- <smbconfoption name="idmap config"/> options. >+ The idmap uid parameter specifies the range of user ids for >+ the default idmap configuration. It is now deprecated in favour >+ of <smbconfoption name="idmap config * : range"/>. > </para> >+ >+ <para>See the <smbconfoption name="idmap config"/> option.</para> > </description> > > <value type="default"></value> >-- >1.7.1 > > >From 7ba301b512e15c4c1ff6c968a2ef0a93c984b443 Mon Sep 17 00:00:00 2001 >From: Michael Adam <obnox@samba.org> >Date: Tue, 31 May 2011 10:29:37 +0200 >Subject: [PATCH 26/30] s3:doc: document "idmap gid" as deprecated. > >Autobuild-User: Michael Adam <obnox@samba.org> >Autobuild-Date: Tue May 31 11:39:38 CEST 2011 on sn-devel-104 >--- > docs-xml/smbdotconf/winbind/idmapgid.xml | 13 +++++-------- > 1 files changed, 5 insertions(+), 8 deletions(-) > >diff --git a/docs-xml/smbdotconf/winbind/idmapgid.xml b/docs-xml/smbdotconf/winbind/idmapgid.xml >index ef3ae4f..27648a2 100644 >--- a/docs-xml/smbdotconf/winbind/idmapgid.xml >+++ b/docs-xml/smbdotconf/winbind/idmapgid.xml >@@ -5,16 +5,13 @@ > xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> > <synonym>winbind gid</synonym> > <description> >- <para>The idmap gid parameter specifies the range of group ids >- that are allocated for the purpose of mapping UNX groups to NT group >- SIDs. This range of group ids should have no >- existing local or NIS groups within it as strange conflicts can >- occur otherwise.</para> >- >- <para>See also the <smbconfoption name="idmap backend"/>, and >- <smbconfoption name="idmap config"/> options. >+ <para> >+ The idmap gid parameter specifies the range of group ids >+ for the default idmap configuration. It is now deprecated >+ in favour of <smbconfoption name="idmap config * : range"/>. > </para> > >+ <para>See the <smbconfoption name="idmap config"/> option.</para> > </description> > > <value type="default"></value> >-- >1.7.1 > > >From ec8f70abc1d27e2e8d92861bce2b8552c025d43a Mon Sep 17 00:00:00 2001 >From: Luk Claes <luk@debian.org> >Date: Tue, 31 May 2011 17:21:09 +0200 >Subject: [PATCH 27/30] winbindd.8: Use new idmap syntax for smbconfoptions > >Signed-off-by: Luk Claes <luk@debian.org> >Signed-off-by: Michael Adam <obnox@samba.org> >--- > docs-xml/manpages-3/winbindd.8.xml | 13 +++++-------- > 1 files changed, 5 insertions(+), 8 deletions(-) > >diff --git a/docs-xml/manpages-3/winbindd.8.xml b/docs-xml/manpages-3/winbindd.8.xml >index c46371e..df44e44 100644 >--- a/docs-xml/manpages-3/winbindd.8.xml >+++ b/docs-xml/manpages-3/winbindd.8.xml >@@ -46,9 +46,8 @@ > service to <command>smbd</command>, <command>ntlm_auth</command> > and the <command>pam_winbind.so</command> PAM module, by managing connections to > domain controllers. In this configuration the >- <smbconfoption name="idmap uid"/> and >- <smbconfoption name="idmap gid"/> >- parameters are not required. (This is known as `netlogon proxy only mode'.)</para> >+ <smbconfoption name="idmap config * : range"/> >+ parameter is not required. (This is known as `netlogon proxy only mode'.)</para> > > <para> The Name Service Switch allows user > and system information to be obtained from different databases >@@ -246,11 +245,9 @@ hosts: files wins > <listitem><para> > <smbconfoption name="winbind separator"/></para></listitem> > <listitem><para> >- <smbconfoption name="idmap uid"/></para></listitem> >+ <smbconfoption name="idmap config * : range"/></para></listitem> > <listitem><para> >- <smbconfoption name="idmap gid"/></para></listitem> >- <listitem><para> >- <smbconfoption name="idmap backend"/></para></listitem> >+ <smbconfoption name="idmap config * : backend"/></para></listitem> > <listitem><para> > <smbconfoption name="winbind cache time"/></para></listitem> > <listitem><para> >@@ -373,7 +370,7 @@ auth required /lib/security/pam_unix.so \ > <para>If more than one UNIX machine is running <command>winbindd</command>, > then in general the user and groups ids allocated by winbindd will not > be the same. The user and group ids will only be valid for the local >- machine, unless a shared <smbconfoption name="idmap backend"/> is configured.</para> >+ machine, unless a shared <smbconfoption name="idmap config * : backend"/> is configured.</para> > > <para>If the the Windows NT SID to UNIX user and group id mapping > file is damaged or destroyed then the mappings will be lost. </para> >-- >1.7.1 > > >From 74cff173d54c616f440fbd151413f5c8a2e5ab35 Mon Sep 17 00:00:00 2001 >From: Michael Adam <obnox@samba.org> >Date: Tue, 31 May 2011 18:09:14 +0200 >Subject: [PATCH 28/30] s3:doc: clean up the example section of the idmap_tdb manpage > >Autobuild-User: Michael Adam <obnox@samba.org> >Autobuild-Date: Tue May 31 19:47:45 CEST 2011 on sn-devel-104 >--- > docs-xml/manpages-3/idmap_tdb.8.xml | 23 +---------------------- > 1 files changed, 1 insertions(+), 22 deletions(-) > >diff --git a/docs-xml/manpages-3/idmap_tdb.8.xml b/docs-xml/manpages-3/idmap_tdb.8.xml >index cd024e8..c67d6cb 100644 >--- a/docs-xml/manpages-3/idmap_tdb.8.xml >+++ b/docs-xml/manpages-3/idmap_tdb.8.xml >@@ -50,8 +50,7 @@ > > <para> > This example shows how tdb is used as a the default idmap backend. >- It configures the idmap range through the global options for all >- domains encountered. This same range is used for uid/gid allocation. >+ This configured range is used for uid and gid allocation. > </para> > > <programlisting> >@@ -60,26 +59,6 @@ > idmap config * : backend = tdb > idmap config * : range = 1000000-2000000 > </programlisting> >- >- <para> >- This (rather theoretical) example shows how tdb can be used as the >- allocating backend while ldap is the default backend used to store >- the mappings. >- It adds an explicit configuration for some domain DOM1, that >- uses the tdb idmap backend. Note that the same range as the >- default uid/gid range is used, since the allocator has to serve >- both the default backend and the explicitly configured domain DOM1. >- </para> >- >- <programlisting> >- [global] >- idmap config * : backend = ldap >- idmap config * : range = 1000000-2000000 >- # use a different uid/gid allocator: >- >- idmap config DOM1 : backend = tdb >- idmap config DOM1 : range = 1000000-2000000 >- </programlisting> > </refsect1> > > <refsect1> >-- >1.7.1 > > >From 470b07b57ba35fb5ee5133b7787120905625bddf Mon Sep 17 00:00:00 2001 >From: Luk Claes <luk@debian.org> >Date: Tue, 31 May 2011 23:28:57 +0200 >Subject: [PATCH 29/30] idmap_ldap.8: Add example with readonly backend > >Signed-off-by: Luk Claes <luk@debian.org> >Signed-off-by: Michael Adam <obnox@samba.org> >--- > docs-xml/manpages-3/idmap_ldap.8.xml | 22 ++++++++++++++++++++++ > 1 files changed, 22 insertions(+), 0 deletions(-) > >diff --git a/docs-xml/manpages-3/idmap_ldap.8.xml b/docs-xml/manpages-3/idmap_ldap.8.xml >index 4cbfe84..e77aec0 100644 >--- a/docs-xml/manpages-3/idmap_ldap.8.xml >+++ b/docs-xml/manpages-3/idmap_ldap.8.xml >@@ -88,6 +88,28 @@ > idmap config * : ldap_url = ldap://localhost/ > idmap config * : ldap_base_dn = ou=idmap,dc=example,dc=com > </programlisting> >+ >+ <para> >+ This example shows how ldap can be used as a readonly backend while >+ tdb is the default backend used to store the mappings. >+ It adds an explicit configuration for some domain DOM1, that >+ uses the ldap idmap backend. Note that a range disjoint from the >+ default range is used. >+ </para> >+ >+ <programlisting> >+ [global] >+ # "backend = tdb" is redundant here since it is the default >+ idmap config * : backend = tdb >+ idmap config * : range = 1000000-1999999 >+ >+ idmap config DOM1 : backend = ldap >+ idmap config DOM1 : range = 2000000-2999999 >+ idmap config DOM1 : read only = yes >+ idmap config DOM1 : ldap_url = ldap://server/ >+ idmap config DOM1 : ldap_base_dn = ou=idmap,dc=dom1,dc=example,dc=com >+ idmap config DOM1 : ldap_user_dn = cn=idmap_admin,dc=dom1,dc=example,dc=com >+ </programlisting> > </refsect1> > > <refsynopsisdiv> >-- >1.7.1 > > >From 116767cb6312d7d392338f3b126d47ec6bdb76a2 Mon Sep 17 00:00:00 2001 >From: Michael Adam <obnox@samba.org> >Date: Wed, 1 Jun 2011 01:19:50 +0200 >Subject: [PATCH 30/30] s3:doc: update the ldap_user_dn documentation in the idmap_ldap manpage > >also extend the example with ldap_user_dn. > >Autobuild-User: Michael Adam <obnox@samba.org> >Autobuild-Date: Wed Jun 1 02:53:32 CEST 2011 on sn-devel-104 >--- > docs-xml/manpages-3/idmap_ldap.8.xml | 14 +++++++++++--- > 1 files changed, 11 insertions(+), 3 deletions(-) > >diff --git a/docs-xml/manpages-3/idmap_ldap.8.xml b/docs-xml/manpages-3/idmap_ldap.8.xml >index e77aec0..2c0fcfd 100644 >--- a/docs-xml/manpages-3/idmap_ldap.8.xml >+++ b/docs-xml/manpages-3/idmap_ldap.8.xml >@@ -48,8 +48,14 @@ > <varlistentry> > <term>ldap_user_dn = DN</term> > <listitem><para> >- Defines the user DN to be used for authentication. If absent an >- anonymous bind will be performed. >+ Defines the user DN to be used for authentication. >+ The secret for authenticating this user should be >+ stored with net idmap secret >+ (see <citerefentry><refentrytitle>net</refentrytitle> >+ <manvolnum>8</manvolnum></citerefentry>). >+ If absent, the ldap credentials from the ldap passdb configuration >+ are used, and if these are also absent, an anonymous >+ bind will be performed as last fallback. > </para></listitem> > </varlistentry> > >@@ -78,7 +84,8 @@ > <para> > The following example shows how an ldap directory is used as the > default idmap backend. It also configures the idmap range and base >- directory suffix. >+ directory suffix. The secret for the ldap_user_dn has to be set with >+ "net idmap secret '*' password". > </para> > > <programlisting> >@@ -87,6 +94,7 @@ > idmap config * : range = 1000000-1999999 > idmap config * : ldap_url = ldap://localhost/ > idmap config * : ldap_base_dn = ou=idmap,dc=example,dc=com >+ idmap config * : ldap_user_dn = cn=idmap_admin,dc=example,dc=com > </programlisting> > > <para> >-- >1.7.1 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 8058
: 6520