Changeset 745 for trunk/server/docs-xml/manpages-3/idmap_tdb2.8.xml

Timestamp:

Nov 27, 2012, 4:43:17 PM (13 years ago)

Author:

Silvan Scherrer

Message:

Samba Server: updated trunk to 3.6.0

Location:

trunk/server

Files:

• . (modified) (1 prop)
• docs-xml/manpages-3/idmap_tdb2.8.xml (modified) (6 diffs)

trunk/server/docs-xml/manpages-3/idmap_tdb2.8.xml

@@ -8 +8 @@
         <refmiscinfo class="source">Samba</refmiscinfo>
         <refmiscinfo class="manual">System Administration tools</refmiscinfo>
-        <refmiscinfo class="version">3.5</refmiscinfo>
+        <refmiscinfo class="version">3.6</refmiscinfo>
 </refmeta>
 
@@ -29 +29 @@
         In contrast to read only backends like idmap_rid, it is an allocating
         backend: This means that it needs to allocate new user and group IDs in
-        order to create new mappings. The allocator can be provided by the
-        idmap_tdb2 backend itself or by any other allocating backend like
-        idmap_tdb or idmap_ldap. This is configured with the
-        parameter <parameter>idmap alloc backend</parameter>.
-        </para>
-
-        <para>
-        Note that in order for this (or any other allocating) backend to
-        function at all, the default backend needs to be writeable.
-        The ranges used for uid and gid allocation are the default ranges
-        configured by &quot;idmap uid&quot; and &quot;idmap gid&quot;.
-        </para>
-
-        <para>
-        Furthermore, since there is only one global allocating backend
-        responsible for all domains using writeable idmap backends,
-        any explicitly configured domain with idmap backend tdb2
-        should have the same range as the default range, since it needs
-        to use the global uid / gid allocator. See the example below.
+        order to create new mappings.
         </para>
 </refsynopsisdiv>
@@ -60 +42 @@
                         Defines the available matching uid and gid range for which the
                         backend is authoritative.
-                        If the parameter is absent, Winbind fails over to use
-                        the &quot;idmap uid&quot; and &quot;idmap gid&quot; options
-                        from smb.conf.
+                </para></listitem>
+                </varlistentry>
+
+                <varlistentry>
+                <term>script</term>
+                <listitem><para>
+                        This option can be used to configure an external program
+                        for performing id mappings instead of using the tdb
+                        counter. The mappings are then stored int tdb2 idmap
+                        database. For details see the section on IDMAP SCRIPT below.
                 </para></listitem>
                 </varlistentry>
@@ -72 +61 @@
 
         <para>
-        The tdb2 idmap backend supports a script for performing id mappings
-        through the smb.conf option <parameter>idmap : script</parameter>.
+        The tdb2 idmap backend supports an external program for performing id mappings
+        through the smb.conf option <parameter>idmap config * : script</parameter> or
+        its deprecated legacy form <parameter>idmap : script</parameter>.
+        </para>
+
+        <para>
+        The mappings obtained by the script are then stored in the idmap tdb2
+        database instead of mappings created by the incrementing id counters.
+        It is therefore important that the script covers the complete range of
+        SIDs that can be passed in for SID to Unix ID mapping, since otherwise
+        SIDs unmapped by the script might get mapped to IDs that had
+        previously been mapped by the script.
+        </para>
+
+        <para>
         The script should accept the following command line options.
         </para>
@@ -94 +96 @@
         ERR:yyyy
         </programlisting>
-
-        <para>
-        Note that the script should cover the complete range of SIDs
-        that can be passed in for SID to Unix ID mapping, since otherwise
-        SIDs unmapped by the script might get mapped to IDs that had
-        previously been mapped by the script.
-        </para>
 </refsect1>
 
@@ -108 +103 @@
         <para>
         This example shows how tdb2 is used as a the default idmap backend.
-        It configures the idmap range through the global options for all
-        domains encountered. This same range is used for uid/gid allocation.
         </para>
 
         <programlisting>
         [global]
-        idmap backend = tdb2
-        idmap uid = 1000000-2000000
-        idmap gid = 1000000-2000000
+        idmap config * : backend = tdb2
+        idmap config * : range = 1000000-2000000
+        </programlisting>
+
+        <para>
+        This example shows how tdb2 is used as a the default idmap backend
+        using an external program via the script parameter:
+        </para>
+
+        <programlisting>
+        [global]
+        idmap config * : backend = tdb2
+        idmap config * : range = 1000000-2000000
+        idmap config * : script = /usr/local/samba/bin/idmap_script.sh
         </programlisting>
 </refsect1>