| 1 | <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>idmap_adex</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"><a name="idmap_adex.8"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>idmap_adex — Samba's idmap_adex Backend for Winbind</p></div><div class="refsynopsisdiv"><h2>DESCRIPTION</h2><p>
|
|---|
| 2 | The idmap_adex plugin provides a way for Winbind to read
|
|---|
| 3 | id mappings from an AD server that uses RFC2307 schema
|
|---|
| 4 | extensions. This module implements both the idmap and nss_info
|
|---|
| 5 | APIs and supports domain trustes as well as two-way cross
|
|---|
| 6 | forest trusts. It is a read-only plugin requiring that the
|
|---|
| 7 | administrator provide mappings in advance by adding the
|
|---|
| 8 | POSIX attribute information to the users and groups objects
|
|---|
| 9 | in AD. The most common means of doing this is using "Identity
|
|---|
| 10 | Services for Unix" support on Windows 2003 R2 and later.
|
|---|
| 11 | </p><p>
|
|---|
| 12 | Note that you must add the uidNumber, gidNumber, and uid
|
|---|
| 13 | attributes to the partial attribute set of the forest global
|
|---|
| 14 | catalog servers. This can be done using the Active Directory Schema
|
|---|
| 15 | Management MMC plugin (schmmgmt.dll).
|
|---|
| 16 | </p></div><div class="refsynopsisdiv"><h2>NSS_INFO</h2><p>
|
|---|
| 17 | The nss_info plugin supports reading the unixHomeDirectory,
|
|---|
| 18 | gidNumber, loginShell, and uidNumber attributes from the user
|
|---|
| 19 | object and the gidNumber attribute from the group object to
|
|---|
| 20 | fill in information required by the libc getpwnam() and
|
|---|
| 21 | getgrnam() family of functions. Group membership is filled in
|
|---|
| 22 | according to the Windows group membership and not the
|
|---|
| 23 | msSFU30PosixMember attribute.
|
|---|
| 24 | </p><p>
|
|---|
| 25 | Username aliases are implement by setting the uid attribute
|
|---|
| 26 | on the user object. While group name aliases are implemented
|
|---|
| 27 | by reading the displayname attribute from the group object.
|
|---|
| 28 | </p></div><div class="refsect1" lang="en"><a name="id2522952"></a><h2>EXAMPLES</h2><p>
|
|---|
| 29 | The following example shows how to retrieve idmappings and NSS data
|
|---|
| 30 | from our principal and trusted AD domains.
|
|---|
| 31 | </p><pre class="programlisting">
|
|---|
| 32 | [global]
|
|---|
| 33 | idmap backend = adex
|
|---|
| 34 | idmap uid = 1000-4000000000
|
|---|
| 35 | idmap gid = 1000-4000000000
|
|---|
| 36 |
|
|---|
| 37 | winbind nss info = adex
|
|---|
| 38 | winbind normalize names = yes
|
|---|
| 39 | </pre></div><div class="refsect1" lang="en"><a name="id2483341"></a><h2>AUTHOR</h2><p>
|
|---|
| 40 | The original Samba software and related utilities
|
|---|
| 41 | were created by Andrew Tridgell. Samba is now developed
|
|---|
| 42 | by the Samba Team as an Open Source project similar
|
|---|
| 43 | to the way the Linux kernel is developed.
|
|---|
| 44 | </p></div></div></body></html>
|
|---|
