id mappings from an AD server that uses RFC2307/SFU schema
extensions. This module implements only the "idmap"
API, and is READONLY. Mappings must be provided in advance
- by the administrator by adding the posixAccount/posixGroup
- classes and relative attribute/value pairs to the user and
- group objects in the AD.</para>
+ by the administrator by adding the uidNumber attributes for
+ users and gidNumber attributes for groups in the AD. Winbind
+ will only map users that have a uidNumber and whose primary
+ group have a gidNumber attribute set. It is however
+ recommended that all groups in use have gidNumber attributes
+ assigned, otherwise they are not working.</para>
<para>
Note that the idmap_ad module has changed considerably since