| blob | e9cb07676a9eed3689218a631be2e6a6cdf31acc |
1 <samba:parameter name="idmap backend"
2 context="G"
3 type="string"
4 advanced="1" developer="1" hide="1"
5 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
6 <description>
7 <para>
8 The purpose of the idmap backend parameter is to allow idmap to NOT use the local idmap
9 tdb file to obtain SID to UID / GID mappings, but instead to obtain them from a common
10 LDAP backend. This way all domain members and controllers will have the same UID and GID
11 to SID mappings. This avoids the risk of UID / GID inconsistencies across UNIX / Linux
12 systems that are sharing information over protocols other than SMB/CIFS (ie: NFS).
13 </para>
15 <para>
16 An alternate method of SID to UID / GID mapping can be achieved using the idmap_rid
17 plug-in. This plug-in uses the account RID to derive the UID and GID by adding the
18 RID to a base value specified. This utility requires that the parameter
19 <quote>allow trusted domains = No</quote> must be specified, as it is not compatible
20 with multiple domain environments. The idmap uid and idmap gid ranges must also be
21 specified.
22 </para>
24 <para>
25 Finally, using the idmap_ad module, the UID and GID can directly
26 be retrieved from an Active Directory LDAP Server that supports an
27 RFC2307 compliant LDAP schema. idmap_ad supports "Services for Unix"
28 (SFU) version 2.x and 3.0.
29 </para>
31 </description>
33 <value type="default"></value>
34 <value type="example">ldap:ldap://ldapslave.example.com</value>
35 <value type="example">idmap_rid:"BUILTIN=1000-1999,DOMNAME=2000-100000000"</value>
36 <value type="example">idmap_ad</value>
37 </samba:parameter>