From 84f2b2d731fb7d97c98414196bf96ee94ea88bb3 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Wed, 21 Jan 2009 00:56:03 +0100 Subject: [PATCH 1/1] s3:docs: add a manpage for idmap_tdb2 Michael --- docs-xml/manpages-3/idmap_tdb2.8.xml | 132 +++++++++++++++++++++++++++ 1 file changed, 132 insertions(+) create mode 100644 docs-xml/manpages-3/idmap_tdb2.8.xml diff --git a/docs-xml/manpages-3/idmap_tdb2.8.xml b/docs-xml/manpages-3/idmap_tdb2.8.xml new file mode 100644 index 00000000000..6b303b48226 --- /dev/null +++ b/docs-xml/manpages-3/idmap_tdb2.8.xml @@ -0,0 +1,132 @@ + + + + + + idmap_tdb2 + 8 + Samba + System Administration tools + 3.3 + + + + + idmap_tdb2 + Samba's idmap_tdb2 Backend for Winbind + + + + DESCRIPTION + + + The idmap_tdb2 plugin is a substitute for the default idmap_tdb + backend used by winbindd for storing SID/uid/gid mapping tables + in clustered environments with Samba and CTDB. + + + + In contrast to read only + backends like idmap_rid, it is an allocating backend: + This means that it needs to allocate new user and group IDs + to create new mappings as requests to yet unmapped users are answered. + + + + Note that in order for this (or any other allocating) backend to + function at all, the default backend needs to be writeable. + The ranges used for uid and gid allocation are the default ranges + configured by "idmap uid" and "idmap gid". + + + + Furthermore, since there is only one global allocating backend + responsible for all domains using writeable idmap backends, + any explicitly configured domain with idmap backend tdb2 + should have the same range as the default range, since it needs + to use the global uid / gid allocator. See the example below. + + + + + IDMAP OPTIONS + + + + range = low - high + + Defines the available matching uid and gid range for which the + backend is authoritative. + If the parameter is absent, Winbind fails over to use + the "idmap uid" and "idmap gid" options + from smb.conf. + + + + + + + IDMAP SCRIPT + + + The tdb2 idmap backend supports a script for performing id mappings + through the smb.conf option idmap : script. + The script should accept the following command line options. + + + + SIDTOID S-1-xxxx + IDTOSID UID xxxx + IDTOSID GID xxxx + + + + And it should return one of the following responses as a single line of + text. + + + + UID:yyyy + GID:yyyy + SID:yyyy + ERR:yyyy + + + + Note that the script should cover the complete range of SIDs + that can be passed in for SID to Unix ID mapping, since otherwise + SIDs unmapped by the script might get mapped to IDs that had + previously been mapped by the script. + + + + + EXAMPLES + + + This example shows how tdb2 is used as a the default idmap backend. + It configures the idmap range through the global options for all + domains encountered. This same range is used for uid/gid allocation. + + + + [global] + # "idmap backend = tdb2" is redundant here since it is the default + idmap backend = tdb2 + idmap uid = 1000000-2000000 + idmap gid = 1000000-2000000 + + + + + AUTHOR + + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + + + -- 2.34.1