The branch, master has been updated
via a52a587 docs: clarify the idmap_rid manpage (bug #7788)
via 91d9cb4 docs: clarify the idmap_ad manpage (bug #6322)
from 15c33ad libcli/auth: let spnego_write_mech_types() check the
asn1_load() return
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit a52a587783e058f75815fa8add1f46b1c1d6f2d3
Author: Michael Adam <ob...@samba.org>
Date: Tue Dec 7 17:30:27 2010 +0100
docs: clarify the idmap_rid manpage (bug #7788)
The idmap_rid module should not be used as a default backend.
Also mention that the old snytax "idmap backend = rid:domain=range ..."
is not supported any more.
Autobuild-User: Michael Adam <ob...@samba.org>
Autobuild-Date: Tue Dec 7 19:07:57 CET 2010 on sn-devel-104
commit 91d9cb48a5224c7dc443747505f9dd1071f822ed
Author: Michael Adam <ob...@samba.org>
Date: Tue Dec 7 15:47:52 2010 +0100
docs: clarify the idmap_ad manpage (bug #6322)
The idmap_ad module can not be used as a default backend.
-----------------------------------------------------------------------
Summary of changes:
docs-xml/manpages-3/idmap_ad.8.xml | 17 +++++++++++++++++
docs-xml/manpages-3/idmap_rid.8.xml | 18 ++++++++++++++++++
2 files changed, 35 insertions(+), 0 deletions(-)
Changeset truncated at 500 lines:
diff --git a/docs-xml/manpages-3/idmap_ad.8.xml
b/docs-xml/manpages-3/idmap_ad.8.xml
index 9b445df..3ecb07e 100644
--- a/docs-xml/manpages-3/idmap_ad.8.xml
+++ b/docs-xml/manpages-3/idmap_ad.8.xml
@@ -25,6 +25,23 @@
by the administrator by adding the posixAccount/posixGroup
classes and relative attribute/value pairs to the user and
group objects in the AD.</para>
+
+ <para>
+ Note that the idmap_ad module has changed considerably since
+ Samba versions 3.0 and 3.2.
+ Currently, the <parameter>ad</parameter> backend
+ does not work as the the default idmap backend, but one has
+ to configure it separately for each domain for which one wants
+ to use it, using disjoint ranges. One usually needs to configure
+ a writeable default idmap range, using for example the
+ <parameter>tdb</parameter> or <parameter>ldap</parameter>)
+ backend, in order to be able to map the BUILTIN sids and
+ possibly other trusted domains. The writeable default config
+ is also needed in order to be able to create group mappings.
+ This catch-all default idmap configuration should have a range
+ that is disjoint from any explicitly configured domain with
+ idmap backend <parameter>ad</parameter>. See the example below.
+ </para>
</refsynopsisdiv>
<refsect1>
diff --git a/docs-xml/manpages-3/idmap_rid.8.xml
b/docs-xml/manpages-3/idmap_rid.8.xml
index 33200b8..a2a1c58 100644
--- a/docs-xml/manpages-3/idmap_rid.8.xml
+++ b/docs-xml/manpages-3/idmap_rid.8.xml
@@ -21,6 +21,24 @@
<para>The idmap_rid backend provides a way to use an algorithmic
mapping scheme to map UIDs/GIDs and SIDs. No database is required
in this case as the mapping is deterministic.</para>
+
+ <para>
+ Note that the idmap_rid module has changed considerably since Samba
+ versions 3.0. and 3.2.
+ Currently, there should to be an explicit idmap configuration for each
+ domain that should use the idmap_rid backend, using disjoint ranges.
+ One usually needs to define a writeable default idmap range, using
+ a backent like <parameter>tdb</parameter> or <parameter>ldap</parameter>
+ that can create unix ids, in order to be able to map the BUILTIN sids
+ and other domains, and also in order to be able to create group
mappings.
+ See the example below.
+ </para>
+
+ <para>
+ Note that the old syntax
+ <parameter>idmap backend = rid:"DOM1=range DOM2=range2 ..."</parameter>
+ is not supported any more since Samba version 3.0.25.
+ </para>
</refsynopsisdiv>
<refsect1>
--
Samba Shared Repository
