| blob | 711f20f39d4f6fa6bbfae3e5361a2ecc2f6a0514 |
1 <samba:parameter name="idmap backend"
2 context="G"
3 type="string"
4 advanced="1" developer="1" hide="1"
5 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
6 <description>
7 <para>
8 The purpose of the idmap backend parameter is to allow idmap to NOT use the local idmap
9 tdb file to obtain SID to UID / GID mappings, but instead to obtain them from a common
10 LDAP backend. This way all domain members and controllers will have the same UID and GID
11 to SID mappings. This avoids the risk of UID / GID inconsistencies across UNIX / Linux
12 systems that are sharing information over protocols other than SMB/CIFS (ie: NFS).
13 </para>
15 <para>
16 An alternate method of SID to UID / GID mapping can be achieved using the rid
17 plug-in. This plug-in uses the account RID to derive the UID and GID by adding the
18 RID to a base value specified. This utility requires that the parameter
19 <quote>allow trusted domains = No</quote> must be specified, as it is not compatible
20 with multiple domain environments. The idmap uid and idmap gid ranges must also be
21 specified.
22 </para>
24 <para>
25 Finally, using the ad module, the UID and GID can directly
26 be retrieved from an Active Directory LDAP Server that supports an
27 RFC2307 compliant LDAP schema. ad supports "Services for Unix"
28 (SFU) version 2.x and 3.0.
29 </para>
31 </description>
33 <value type="default"></value>
34 <value type="example">ldap:ldap://ldapslave.example.com</value>
35 <value type="example">rid:"BUILTIN=1000-1999,DOMNAME=2000-100000000"</value>
36 <value type="example">ad</value>
37 </samba:parameter>