source: vendor/3.6.0/docs-xml/manpages-3/idmap_adex.8.xml

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
<refentry id="idmap_adex.8">

<refmeta>
        <refentrytitle>idmap_adex</refentrytitle>
        <manvolnum>8</manvolnum>
        <refmiscinfo class="source">Samba</refmiscinfo>
        <refmiscinfo class="manual">System Administration tools</refmiscinfo>
        <refmiscinfo class="version">3.6</refmiscinfo>
</refmeta>


<refnamediv>
        <refname>idmap_adex</refname>
        <refpurpose>Samba's idmap_adex Backend for Winbind</refpurpose>
</refnamediv>

<refsynopsisdiv>
        <title>DESCRIPTION</title>
        <para>
          The idmap_adex plugin provides a way for Winbind to read
          id mappings from an AD server that uses RFC2307 schema
          extensions. This module implements both the idmap and nss_info
          APIs and supports domain trustes as well as two-way cross
          forest trusts.  It is a read-only plugin requiring that the
          administrator provide mappings in advance by adding the
          POSIX attribute information to the users and groups objects
          in AD.  The most common means of doing this is using &quot;Identity
          Services for Unix&quot; support on Windows 2003 R2 and later.
        </para>

        <para>
          Note that you must add the uidNumber, gidNumber, and uid
          attributes to the partial attribute set of the forest global
          catalog servers.  This can be done using the Active Directory Schema
          Management MMC plugin (schmmgmt.dll).
        </para>
</refsynopsisdiv>

<refsynopsisdiv>
        <title>NSS_INFO</title>
        <para>
          The nss_info plugin supports reading the unixHomeDirectory,
          gidNumber, loginShell, and uidNumber attributes from the user
          object and the gidNumber attribute from the group object to
          fill in information required by the libc getpwnam() and
          getgrnam() family of functions.  Group membership is filled in
          according to the Windows group membership and not the
          msSFU30PosixMember attribute.
        </para>

        <para>
          Username aliases are implement by setting the uid attribute
          on the user object.  While group name aliases are implemented
          by reading the displayname attribute from the group object.
        </para>
</refsynopsisdiv>

<refsect1>
        <title>EXAMPLES</title>
        <para>
          The following example shows how to retrieve idmappings and NSS data
          from our principal and trusted AD domains.
        </para>

        <programlisting>
        [global]
        idmap config * : backend = adex
        idmap config * : range = 1000-4000000000

        winbind nss info = adex
        winbind normalize names = yes
        </programlisting>
</refsect1>

<refsect1>
        <title>AUTHOR</title>

        <para>
        The original Samba software and related utilities
        were created by Andrew Tridgell. Samba is now developed
        by the Samba Team as an Open Source project similar
        to the way the Linux kernel is developed.
        </para>
</refsect1>

</refentry>