| 1 | <?xml version="1.0" encoding="iso-8859-1"?>
|
|---|
| 2 | <!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
|
|---|
| 3 | <refentry id="idmap_adex.8">
|
|---|
| 4 |
|
|---|
| 5 | <refmeta>
|
|---|
| 6 | <refentrytitle>idmap_adex</refentrytitle>
|
|---|
| 7 | <manvolnum>8</manvolnum>
|
|---|
| 8 | <refmiscinfo class="source">Samba</refmiscinfo>
|
|---|
| 9 | <refmiscinfo class="manual">System Administration tools</refmiscinfo>
|
|---|
| 10 | <refmiscinfo class="version">3.5</refmiscinfo>
|
|---|
| 11 | </refmeta>
|
|---|
| 12 |
|
|---|
| 13 |
|
|---|
| 14 | <refnamediv>
|
|---|
| 15 | <refname>idmap_adex</refname>
|
|---|
| 16 | <refpurpose>Samba's idmap_adex Backend for Winbind</refpurpose>
|
|---|
| 17 | </refnamediv>
|
|---|
| 18 |
|
|---|
| 19 | <refsynopsisdiv>
|
|---|
| 20 | <title>DESCRIPTION</title>
|
|---|
| 21 | <para>
|
|---|
| 22 | The idmap_adex plugin provides a way for Winbind to read
|
|---|
| 23 | id mappings from an AD server that uses RFC2307 schema
|
|---|
| 24 | extensions. This module implements both the idmap and nss_info
|
|---|
| 25 | APIs and supports domain trustes as well as two-way cross
|
|---|
| 26 | forest trusts. It is a read-only plugin requiring that the
|
|---|
| 27 | administrator provide mappings in advance by adding the
|
|---|
| 28 | POSIX attribute information to the users and groups objects
|
|---|
| 29 | in AD. The most common means of doing this is using "Identity
|
|---|
| 30 | Services for Unix" support on Windows 2003 R2 and later.
|
|---|
| 31 | </para>
|
|---|
| 32 |
|
|---|
| 33 | <para>
|
|---|
| 34 | Note that you must add the uidNumber, gidNumber, and uid
|
|---|
| 35 | attributes to the partial attribute set of the forest global
|
|---|
| 36 | catalog servers. This can be done using the Active Directory Schema
|
|---|
| 37 | Management MMC plugin (schmmgmt.dll).
|
|---|
| 38 | </para>
|
|---|
| 39 | </refsynopsisdiv>
|
|---|
| 40 |
|
|---|
| 41 | <refsynopsisdiv>
|
|---|
| 42 | <title>NSS_INFO</title>
|
|---|
| 43 | <para>
|
|---|
| 44 | The nss_info plugin supports reading the unixHomeDirectory,
|
|---|
| 45 | gidNumber, loginShell, and uidNumber attributes from the user
|
|---|
| 46 | object and the gidNumber attribute from the group object to
|
|---|
| 47 | fill in information required by the libc getpwnam() and
|
|---|
| 48 | getgrnam() family of functions. Group membership is filled in
|
|---|
| 49 | according to the Windows group membership and not the
|
|---|
| 50 | msSFU30PosixMember attribute.
|
|---|
| 51 | </para>
|
|---|
| 52 |
|
|---|
| 53 | <para>
|
|---|
| 54 | Username aliases are implement by setting the uid attribute
|
|---|
| 55 | on the user object. While group name aliases are implemented
|
|---|
| 56 | by reading the displayname attribute from the group object.
|
|---|
| 57 | </para>
|
|---|
| 58 | </refsynopsisdiv>
|
|---|
| 59 |
|
|---|
| 60 | <refsect1>
|
|---|
| 61 | <title>EXAMPLES</title>
|
|---|
| 62 | <para>
|
|---|
| 63 | The following example shows how to retrieve idmappings and NSS data
|
|---|
| 64 | from our principal and trusted AD domains.
|
|---|
| 65 | </para>
|
|---|
| 66 |
|
|---|
| 67 | <programlisting>
|
|---|
| 68 | [global]
|
|---|
| 69 | idmap backend = adex
|
|---|
| 70 | idmap uid = 1000-4000000000
|
|---|
| 71 | idmap gid = 1000-4000000000
|
|---|
| 72 |
|
|---|
| 73 | winbind nss info = adex
|
|---|
| 74 | winbind normalize names = yes
|
|---|
| 75 | </programlisting>
|
|---|
| 76 | </refsect1>
|
|---|
| 77 |
|
|---|
| 78 | <refsect1>
|
|---|
| 79 | <title>AUTHOR</title>
|
|---|
| 80 |
|
|---|
| 81 | <para>
|
|---|
| 82 | The original Samba software and related utilities
|
|---|
| 83 | were created by Andrew Tridgell. Samba is now developed
|
|---|
| 84 | by the Samba Team as an Open Source project similar
|
|---|
| 85 | to the way the Linux kernel is developed.
|
|---|
| 86 | </para>
|
|---|
| 87 | </refsect1>
|
|---|
| 88 |
|
|---|
| 89 | </refentry>
|
|---|
