The branch, master has been updated via a52a587 docs: clarify the idmap_rid manpage (bug #7788) via 91d9cb4 docs: clarify the idmap_ad manpage (bug #6322) from 15c33ad libcli/auth: let spnego_write_mech_types() check the asn1_load() return
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit a52a587783e058f75815fa8add1f46b1c1d6f2d3 Author: Michael Adam <ob...@samba.org> Date: Tue Dec 7 17:30:27 2010 +0100 docs: clarify the idmap_rid manpage (bug #7788) The idmap_rid module should not be used as a default backend. Also mention that the old snytax "idmap backend = rid:domain=range ..." is not supported any more. Autobuild-User: Michael Adam <ob...@samba.org> Autobuild-Date: Tue Dec 7 19:07:57 CET 2010 on sn-devel-104 commit 91d9cb48a5224c7dc443747505f9dd1071f822ed Author: Michael Adam <ob...@samba.org> Date: Tue Dec 7 15:47:52 2010 +0100 docs: clarify the idmap_ad manpage (bug #6322) The idmap_ad module can not be used as a default backend. ----------------------------------------------------------------------- Summary of changes: docs-xml/manpages-3/idmap_ad.8.xml | 17 +++++++++++++++++ docs-xml/manpages-3/idmap_rid.8.xml | 18 ++++++++++++++++++ 2 files changed, 35 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/manpages-3/idmap_ad.8.xml b/docs-xml/manpages-3/idmap_ad.8.xml index 9b445df..3ecb07e 100644 --- a/docs-xml/manpages-3/idmap_ad.8.xml +++ b/docs-xml/manpages-3/idmap_ad.8.xml @@ -25,6 +25,23 @@ by the administrator by adding the posixAccount/posixGroup classes and relative attribute/value pairs to the user and group objects in the AD.</para> + + <para> + Note that the idmap_ad module has changed considerably since + Samba versions 3.0 and 3.2. + Currently, the <parameter>ad</parameter> backend + does not work as the the default idmap backend, but one has + to configure it separately for each domain for which one wants + to use it, using disjoint ranges. One usually needs to configure + a writeable default idmap range, using for example the + <parameter>tdb</parameter> or <parameter>ldap</parameter>) + backend, in order to be able to map the BUILTIN sids and + possibly other trusted domains. The writeable default config + is also needed in order to be able to create group mappings. + This catch-all default idmap configuration should have a range + that is disjoint from any explicitly configured domain with + idmap backend <parameter>ad</parameter>. See the example below. + </para> </refsynopsisdiv> <refsect1> diff --git a/docs-xml/manpages-3/idmap_rid.8.xml b/docs-xml/manpages-3/idmap_rid.8.xml index 33200b8..a2a1c58 100644 --- a/docs-xml/manpages-3/idmap_rid.8.xml +++ b/docs-xml/manpages-3/idmap_rid.8.xml @@ -21,6 +21,24 @@ <para>The idmap_rid backend provides a way to use an algorithmic mapping scheme to map UIDs/GIDs and SIDs. No database is required in this case as the mapping is deterministic.</para> + + <para> + Note that the idmap_rid module has changed considerably since Samba + versions 3.0. and 3.2. + Currently, there should to be an explicit idmap configuration for each + domain that should use the idmap_rid backend, using disjoint ranges. + One usually needs to define a writeable default idmap range, using + a backent like <parameter>tdb</parameter> or <parameter>ldap</parameter> + that can create unix ids, in order to be able to map the BUILTIN sids + and other domains, and also in order to be able to create group mappings. + See the example below. + </para> + + <para> + Note that the old syntax + <parameter>idmap backend = rid:"DOM1=range DOM2=range2 ..."</parameter> + is not supported any more since Samba version 3.0.25. + </para> </refsynopsisdiv> <refsect1> -- Samba Shared Repository