The branch, v3-6-test has been updated via 36c9a94 s3:doc: update the ldap_user_dn documentation in the idmap_ldap manpage via ed54e2a idmap_ldap.8: Add example with readonly backend via 2c3a745 s3:doc: clean up the example section of the idmap_tdb manpage via e1709a6 winbindd.8: Use new idmap syntax for smbconfoptions via 16369ac s3:doc: document "idmap gid" as deprecated. via b3ae1c3 s3:doc: document "idmap uid" as deprecated. via f15abb1 s3:doc: remove the documentation of "idmap alloc backend", which has been removed via 3c8a743 s3:doc: document "idmap backend" as deprecated. via 5ea21ca s3:doc: update documentation of the "idmap config FOO : BAR" familiy of parameters via 6a7bcff winbindd.8: Fix typo via 8bc2980 idmap_tdb.8: Remove reference to idmap uid and idmap gid options as fallback via 1ec7b0d idmap_tdb.8: Remove references to alloc backend via c867ebb idmap_tdb.8: Use new idmap syntax in examples via 40fbab5 idmap_ldap.8: Remove reference to idmap uid and idmap gid options as fallback via 5e76967 idmap_ldap.8: Backend is not only used for searching via a1eb060 idmap_ldap.8: Remove references to idmap alloc backend via 9ea550b idmap_ldap.8: Rework example to use new idmap syntax via 7b3df5e idmap_tdb2.8: Remove mentioning of deprecated idmap uid and idmap gid options as fallback via f5bfc20 idmap_tdb2.8: Avoid confusion with idmap uid and idmap gid options via 811a8c8 idmap_tdb2.8: Remove part about alloc backend via 838e0db idmap_tdb2.8: Use new syntax in example via ac72323 winbindd.8: Use new syntax in example via 3fbfc96 wbinfo.1: Avoid confusion with idmap uid option via b21c3ca idmap_autorid.8: Avoid confusion with idmap uid and idmap gid options via 4e842a3 idmap_autorid.8: Use new syntax in autorid backend examples via f8e75b4 idmap_rid.8: Use new syntax in rid backend example via 6716667 idmap_nss.8: Use new syntax for nss backend via b5e64725 idmap_hash.8: Use new syntax for hash backend via 28eb61a idmap_adex.8: Use new syntax in adex backend example via 3bf807f idmap_ad.8: use new syntax in ad backend example from 65a59d6 replace: remove waring if IOV_MAX is not defined
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log ----------------------------------------------------------------- commit 36c9a94bc132e738d68e40288b213a895b835e6b Author: Michael Adam <ob...@samba.org> Date: Wed Jun 1 01:19:50 2011 +0200 s3:doc: update the ldap_user_dn documentation in the idmap_ldap manpage also extend the example with ldap_user_dn. Autobuild-User: Michael Adam <ob...@samba.org> Autobuild-Date: Wed Jun 1 02:53:32 CEST 2011 on sn-devel-104 commit ed54e2a35234e3519fcc7d0a4587e39ceff36f6a Author: Luk Claes <l...@debian.org> Date: Tue May 31 23:28:57 2011 +0200 idmap_ldap.8: Add example with readonly backend Signed-off-by: Luk Claes <l...@debian.org> Signed-off-by: Michael Adam <ob...@samba.org> commit 2c3a74542b81829c919ff70838edd070c65657d9 Author: Michael Adam <ob...@samba.org> Date: Tue May 31 18:09:14 2011 +0200 s3:doc: clean up the example section of the idmap_tdb manpage Autobuild-User: Michael Adam <ob...@samba.org> Autobuild-Date: Tue May 31 19:47:45 CEST 2011 on sn-devel-104 commit e1709a664872a658e121bae673ab858753a157bf Author: Luk Claes <l...@debian.org> Date: Tue May 31 17:21:09 2011 +0200 winbindd.8: Use new idmap syntax for smbconfoptions Signed-off-by: Luk Claes <l...@debian.org> Signed-off-by: Michael Adam <ob...@samba.org> commit 16369ac9d84d9abd349bbf777ab6394b7b3ea942 Author: Michael Adam <ob...@samba.org> Date: Tue May 31 10:29:37 2011 +0200 s3:doc: document "idmap gid" as deprecated. Autobuild-User: Michael Adam <ob...@samba.org> Autobuild-Date: Tue May 31 11:39:38 CEST 2011 on sn-devel-104 commit b3ae1c3694d576ecb414290be759f3f5a9eac5d4 Author: Michael Adam <ob...@samba.org> Date: Tue May 31 10:29:08 2011 +0200 s3:doc: document "idmap uid" as deprecated. commit f15abb1a16329460cab64d9708caac1a67cb5988 Author: Michael Adam <ob...@samba.org> Date: Tue May 31 10:08:44 2011 +0200 s3:doc: remove the documentation of "idmap alloc backend", which has been removed commit 3c8a743a875db9d68d12cd6d4175f2217f4ecd8b Author: Michael Adam <ob...@samba.org> Date: Tue May 31 10:07:59 2011 +0200 s3:doc: document "idmap backend" as deprecated. commit 5ea21cadfa1b895a8fdf9310184daa651c4c6c03 Author: Michael Adam <ob...@samba.org> Date: Tue May 31 10:03:18 2011 +0200 s3:doc: update documentation of the "idmap config FOO : BAR" familiy of parameters commit 6a7bcff808e75099771ee0409c4e2457b05e30a5 Author: Luk Claes <l...@debian.org> Date: Tue May 31 00:26:39 2011 +0200 winbindd.8: Fix typo Signed-off-by: Luk Claes <l...@debian.org> Signed-off-by: Michael Adam <ob...@samba.org> Autobuild-User: Michael Adam <ob...@samba.org> Autobuild-Date: Tue May 31 02:56:52 CEST 2011 on sn-devel-104 commit 8bc2980ad18f1e0a51b3b496e40f46c756513885 Author: Luk Claes <l...@debian.org> Date: Tue May 31 00:26:38 2011 +0200 idmap_tdb.8: Remove reference to idmap uid and idmap gid options as fallback Signed-off-by: Luk Claes <l...@debian.org> Signed-off-by: Michael Adam <ob...@samba.org> commit 1ec7b0df60769b39ed0fd4be558abbb679dfe504 Author: Luk Claes <l...@debian.org> Date: Tue May 31 00:26:37 2011 +0200 idmap_tdb.8: Remove references to alloc backend Signed-off-by: Luk Claes <l...@debian.org> Signed-off-by: Michael Adam <ob...@samba.org> commit c867ebb7b70ab886ff740fc3826b2801beaf8718 Author: Luk Claes <l...@debian.org> Date: Tue May 31 00:26:36 2011 +0200 idmap_tdb.8: Use new idmap syntax in examples Signed-off-by: Luk Claes <l...@debian.org> Signed-off-by: Michael Adam <ob...@samba.org> commit 40fbab5b48089390a61e7c8432f41c83daf7cd8d Author: Luk Claes <l...@debian.org> Date: Tue May 31 00:26:35 2011 +0200 idmap_ldap.8: Remove reference to idmap uid and idmap gid options as fallback Signed-off-by: Luk Claes <l...@debian.org> Signed-off-by: Michael Adam <ob...@samba.org> commit 5e76967221a7281187aee534c662bf4eeb3ab338 Author: Luk Claes <l...@debian.org> Date: Tue May 31 00:26:34 2011 +0200 idmap_ldap.8: Backend is not only used for searching Signed-off-by: Luk Claes <l...@debian.org> Signed-off-by: Michael Adam <ob...@samba.org> commit a1eb060670be257c2bc76f1033036a8aef27d070 Author: Luk Claes <l...@debian.org> Date: Tue May 31 00:26:33 2011 +0200 idmap_ldap.8: Remove references to idmap alloc backend Signed-off-by: Luk Claes <l...@debian.org> Signed-off-by: Michael Adam <ob...@samba.org> commit 9ea550bf905e39ca47b8ca2bb56d34a368c04b65 Author: Luk Claes <l...@debian.org> Date: Tue May 31 00:26:32 2011 +0200 idmap_ldap.8: Rework example to use new idmap syntax Signed-off-by: Luk Claes <l...@debian.org> Signed-off-by: Michael Adam <ob...@samba.org> commit 7b3df5ebd08312b9c20cc4c6e9232d4b569219d1 Author: Luk Claes <l...@debian.org> Date: Tue May 31 00:26:31 2011 +0200 idmap_tdb2.8: Remove mentioning of deprecated idmap uid and idmap gid options as fallback Signed-off-by: Luk Claes <l...@debian.org> Signed-off-by: Michael Adam <ob...@samba.org> commit f5bfc2078ea4a1ead53856661390d32d3d4b6754 Author: Luk Claes <l...@debian.org> Date: Tue May 31 00:26:30 2011 +0200 idmap_tdb2.8: Avoid confusion with idmap uid and idmap gid options Signed-off-by: Luk Claes <l...@debian.org> Signed-off-by: Michael Adam <ob...@samba.org> commit 811a8c86cb16b9271bfe7441c8d53803b97fb5a3 Author: Luk Claes <l...@debian.org> Date: Tue May 31 00:26:29 2011 +0200 idmap_tdb2.8: Remove part about alloc backend Signed-off-by: Luk Claes <l...@debian.org> Signed-off-by: Michael Adam <ob...@samba.org> commit 838e0db43be446dbe72a527b87cde42aa86996f6 Author: Luk Claes <l...@debian.org> Date: Tue May 31 00:26:28 2011 +0200 idmap_tdb2.8: Use new syntax in example Signed-off-by: Luk Claes <l...@debian.org> Signed-off-by: Michael Adam <ob...@samba.org> commit ac7232346df2b1c555a0f6e7fca4f04b0965d112 Author: Luk Claes <l...@debian.org> Date: Tue May 31 00:26:27 2011 +0200 winbindd.8: Use new syntax in example Signed-off-by: Luk Claes <l...@debian.org> Signed-off-by: Michael Adam <ob...@samba.org> commit 3fbfc960714f6f2e6a9ce6f80c5f79887861e5f6 Author: Luk Claes <l...@debian.org> Date: Tue May 31 00:26:26 2011 +0200 wbinfo.1: Avoid confusion with idmap uid option Signed-off-by: Luk Claes <l...@debian.org> Signed-off-by: Michael Adam <ob...@samba.org> commit b21c3ca8e441fe13aec0c5dfd423e0d74c6ac9c2 Author: Luk Claes <l...@debian.org> Date: Tue May 31 00:26:25 2011 +0200 idmap_autorid.8: Avoid confusion with idmap uid and idmap gid options Signed-off-by: Luk Claes <l...@debian.org> Signed-off-by: Michael Adam <ob...@samba.org> commit 4e842a3d1d725b960a75053140585fff378f08ee Author: Luk Claes <l...@debian.org> Date: Tue May 31 00:26:24 2011 +0200 idmap_autorid.8: Use new syntax in autorid backend examples Signed-off-by: Luk Claes <l...@debian.org> Signed-off-by: Michael Adam <ob...@samba.org> commit f8e75b44a0c49832d95eba1d1de728fd846f5c3a Author: Luk Claes <l...@debian.org> Date: Tue May 31 00:26:23 2011 +0200 idmap_rid.8: Use new syntax in rid backend example Signed-off-by: Luk Claes <l...@debian.org> Signed-off-by: Michael Adam <ob...@samba.org> commit 6716667b7cf5c5b27008e6e10e5b30f9b20442ca Author: Luk Claes <l...@debian.org> Date: Tue May 31 00:26:22 2011 +0200 idmap_nss.8: Use new syntax for nss backend Signed-off-by: Luk Claes <l...@debian.org> Signed-off-by: Michael Adam <ob...@samba.org> commit b5e64725f3462ada0579529280aea0bc1963ad11 Author: Luk Claes <l...@debian.org> Date: Tue May 31 00:26:21 2011 +0200 idmap_hash.8: Use new syntax for hash backend Signed-off-by: Luk Claes <l...@debian.org> Signed-off-by: Michael Adam <ob...@samba.org> commit 28eb61ae0c7e1917e728d9dcad900f92e16230fd Author: Luk Claes <l...@debian.org> Date: Tue May 31 00:26:20 2011 +0200 idmap_adex.8: Use new syntax in adex backend example Signed-off-by: Luk Claes <l...@debian.org> Signed-off-by: Michael Adam <ob...@samba.org> commit 3bf807f70bd9ca6ffe319b497190a9492eae3b10 Author: Luk Claes <l...@debian.org> Date: Tue May 31 00:26:19 2011 +0200 idmap_ad.8: use new syntax in ad backend example Signed-off-by: Luk Claes <l...@debian.org> Signed-off-by: Michael Adam <ob...@samba.org> ----------------------------------------------------------------------- Summary of changes: docs-xml/manpages-3/idmap_ad.8.xml | 5 +- docs-xml/manpages-3/idmap_adex.8.xml | 5 +- docs-xml/manpages-3/idmap_autorid.8.xml | 12 +-- docs-xml/manpages-3/idmap_hash.8.xml | 5 +- docs-xml/manpages-3/idmap_ldap.8.xml | 107 ++++++++------------- docs-xml/manpages-3/idmap_nss.8.xml | 5 +- docs-xml/manpages-3/idmap_rid.8.xml | 5 +- docs-xml/manpages-3/idmap_tdb.8.xml | 55 +---------- docs-xml/manpages-3/idmap_tdb2.8.xml | 30 +----- docs-xml/manpages-3/wbinfo.1.xml | 2 +- docs-xml/manpages-3/winbindd.8.xml | 18 ++-- docs-xml/smbdotconf/winbind/idmapallocconfig.xml | 14 --- docs-xml/smbdotconf/winbind/idmapbackend.xml | 35 +------- docs-xml/smbdotconf/winbind/idmapconfig.xml | 103 +++++++++++++++++---- docs-xml/smbdotconf/winbind/idmapgid.xml | 13 +-- docs-xml/smbdotconf/winbind/idmapuid.xml | 12 +-- 16 files changed, 168 insertions(+), 258 deletions(-) delete mode 100644 docs-xml/smbdotconf/winbind/idmapallocconfig.xml Changeset truncated at 500 lines: diff --git a/docs-xml/manpages-3/idmap_ad.8.xml b/docs-xml/manpages-3/idmap_ad.8.xml index e628f0c..fbadaf2 100644 --- a/docs-xml/manpages-3/idmap_ad.8.xml +++ b/docs-xml/manpages-3/idmap_ad.8.xml @@ -85,9 +85,8 @@ <programlisting> [global] - idmap backend = tdb - idmap uid = 1000000-1999999 - idmap gid = 1000000-1999999 + idmap config * : backend = tdb + idmap config * : range = 1000000-1999999 idmap config CORP : backend = ad idmap config CORP : range = 1000-999999 diff --git a/docs-xml/manpages-3/idmap_adex.8.xml b/docs-xml/manpages-3/idmap_adex.8.xml index 7349caa..16d12cd 100644 --- a/docs-xml/manpages-3/idmap_adex.8.xml +++ b/docs-xml/manpages-3/idmap_adex.8.xml @@ -66,9 +66,8 @@ <programlisting> [global] - idmap backend = adex - idmap uid = 1000-4000000000 - idmap gid = 1000-4000000000 + idmap config * : backend = adex + idmap config * : range = 1000-4000000000 winbind nss info = adex winbind normalize names = yes diff --git a/docs-xml/manpages-3/idmap_autorid.8.xml b/docs-xml/manpages-3/idmap_autorid.8.xml index 38790ea..3a56555 100644 --- a/docs-xml/manpages-3/idmap_autorid.8.xml +++ b/docs-xml/manpages-3/idmap_autorid.8.xml @@ -88,9 +88,8 @@ workgroup = CUSTOMER realm = CUSTOMER.COM - idmap backend = autorid - idmap uid = 1000000-1999999 - idmap gid = 1000000-1999999 + idmap config * : backend = autorid + idmap config * : range = 1000000-1999999 </programlisting> @@ -98,7 +97,7 @@ This example shows how to configure idmap_autorid as default for all domains with a potentially large amount of users plus a specific configuration for a trusted domain - that uses the SFU mapping scheme. Please note that idmap uid/gid + that uses the SFU mapping scheme. Please note that idmap ranges and sfu ranges are not allowed to overlap. </para> @@ -108,10 +107,9 @@ workgroup = CUSTOMER realm = CUSTOMER.COM - idmap backend = autorid + idmap config * : backend = autorid + idmap config * : range = 1000000-19999999 autorid:rangesize = 1000000 - idmap uid = 1000000-19999999 - idmap gid = 1000000-19999999 idmap config TRUSTED : backend = ad idmap config TRUSTED : range = 50000 - 99999 diff --git a/docs-xml/manpages-3/idmap_hash.8.xml b/docs-xml/manpages-3/idmap_hash.8.xml index 2bbae71..f3ec6a7 100644 --- a/docs-xml/manpages-3/idmap_hash.8.xml +++ b/docs-xml/manpages-3/idmap_hash.8.xml @@ -52,9 +52,8 @@ <programlisting> [global] - idmap backend = hash - idmap uid = 1000-4000000000 - idmap gid = 1000-4000000000 + idmap config * : backend = hash + idmap config * : range = 1000-4000000000 winbind nss info = hash winbind normalize names = yes diff --git a/docs-xml/manpages-3/idmap_ldap.8.xml b/docs-xml/manpages-3/idmap_ldap.8.xml index e3588b9..e68f278 100644 --- a/docs-xml/manpages-3/idmap_ldap.8.xml +++ b/docs-xml/manpages-3/idmap_ldap.8.xml @@ -27,26 +27,9 @@ <para> In contrast to read only backends like idmap_rid, it is an allocating backend: This means that it needs to allocate new user and group IDs in - order to create new mappings. The allocator can be provided by the - idmap_ldap backend itself or by any other allocating backend like - idmap_tdb or idmap_tdb2. This is configured with the - parameter <parameter>idmap alloc backend</parameter>. + order to create new mappings. </para> - <para> - Note that in order for this (or any other allocating) backend to - function at all, the default backend needs to be writeable. - The ranges used for uid and gid allocation are the default ranges - configured by "idmap uid" and "idmap gid". - </para> - - <para> - Furthermore, since there is only one global allocating backend - responsible for all domains using writeable idmap backends, - any explicitly configured domain with idmap backend ldap - should have the same range as the default range, since it needs - to use the global uid / gid allocator. See the example below. - </para> </refsynopsisdiv> <refsect1> @@ -56,7 +39,7 @@ <varlistentry> <term>ldap_base_dn = DN</term> <listitem><para> - Defines the directory base suffix to use when searching for + Defines the directory base suffix to use for SID/uid/gid mapping entries. If not defined, idmap_ldap will default to using the "ldap idmap suffix" option from smb.conf. </para></listitem> @@ -65,15 +48,21 @@ <varlistentry> <term>ldap_user_dn = DN</term> <listitem><para> - Defines the user DN to be used for authentication. If absent an - anonymous bind will be performed. + Defines the user DN to be used for authentication. + The secret for authenticating this user should be + stored with net idmap secret + (see <citerefentry><refentrytitle>net</refentrytitle> + <manvolnum>8</manvolnum></citerefentry>). + If absent, the ldap credentials from the ldap passdb configuration + are used, and if these are also absent, an anonymous + bind will be performed as last fallback. </para></listitem> </varlistentry> <varlistentry> <term>ldap_url = ldap://server/</term> <listitem><para> - Specifies the LDAP server to use when searching for existing + Specifies the LDAP server to use for SID/uid/gid map entries. If not defined, idmap_ldap will assume that ldap://localhost/ should be used. </para></listitem> @@ -84,64 +73,50 @@ <listitem><para> Defines the available matching uid and gid range for which the backend is authoritative. - If the parameter is absent, Winbind fails over to use the - "idmap uid" and "idmap gid" options - from smb.conf. </para></listitem> </varlistentry> </variablelist> </refsect1> <refsect1> - <title>IDMAP ALLOC OPTIONS</title> - - <variablelist> - <varlistentry> - <term>ldap_base_dn = DN</term> - <listitem><para> - Defines the directory base suffix under which new SID/uid/gid mapping - entries should be stored. If not defined, idmap_ldap will default - to using the "ldap idmap suffix" option from smb.conf. - </para></listitem> - </varlistentry> - - <varlistentry> - <term>ldap_user_dn = DN</term> - <listitem><para> - Defines the user DN to be used for authentication. If absent an - anonymous bind will be performed. - </para></listitem> - </varlistentry> - - <varlistentry> - <term>ldap_url = ldap://server/</term> - <listitem><para> - Specifies the LDAP server to which modify/add/delete requests should - be sent. If not defined, idmap_ldap will assume that ldap://localhost/ - should be used. - </para></listitem> - </varlistentry> - </variablelist> -</refsect1> - -<refsect1> <title>EXAMPLES</title> <para> - The follow sets of a LDAP configuration which uses two LDAP - directories, one for storing the ID mappings and one for retrieving - new IDs. + The following example shows how an ldap directory is used as the + default idmap backend. It also configures the idmap range and base + directory suffix. The secret for the ldap_user_dn has to be set with + "net idmap secret '*' password". </para> <programlisting> [global] - idmap backend = ldap:ldap://localhost/ - idmap uid = 1000000-1999999 - idmap gid = 1000000-1999999 + idmap config * : backend = ldap + idmap config * : range = 1000000-1999999 + idmap config * : ldap_url = ldap://localhost/ + idmap config * : ldap_base_dn = ou=idmap,dc=example,dc=com + idmap config * : ldap_user_dn = cn=idmap_admin,dc=example,dc=com + </programlisting> + + <para> + This example shows how ldap can be used as a readonly backend while + tdb is the default backend used to store the mappings. + It adds an explicit configuration for some domain DOM1, that + uses the ldap idmap backend. Note that a range disjoint from the + default range is used. + </para> - idmap alloc backend = ldap - idmap alloc config : ldap_url = ldap://id-master/ - idmap alloc config : ldap_base_dn = ou=idmap,dc=example,dc=com + <programlisting> + [global] + # "backend = tdb" is redundant here since it is the default + idmap config * : backend = tdb + idmap config * : range = 1000000-1999999 + + idmap config DOM1 : backend = ldap + idmap config DOM1 : range = 2000000-2999999 + idmap config DOM1 : read only = yes + idmap config DOM1 : ldap_url = ldap://server/ + idmap config DOM1 : ldap_base_dn = ou=idmap,dc=dom1,dc=example,dc=com + idmap config DOM1 : ldap_user_dn = cn=idmap_admin,dc=dom1,dc=example,dc=com </programlisting> </refsect1> diff --git a/docs-xml/manpages-3/idmap_nss.8.xml b/docs-xml/manpages-3/idmap_nss.8.xml index a7fdca0..576eef6 100644 --- a/docs-xml/manpages-3/idmap_nss.8.xml +++ b/docs-xml/manpages-3/idmap_nss.8.xml @@ -38,9 +38,8 @@ <programlisting> [global] - idmap backend = tdb - idmap uid = 1000000-1999999 - idmap gid = 1000000-1999999 + idmap config * : backend = tdb + idmap config * : range = 1000000-1999999 idmap config SAMBA : backend = nss idmap config SAMBA : range = 1000-999999 diff --git a/docs-xml/manpages-3/idmap_rid.8.xml b/docs-xml/manpages-3/idmap_rid.8.xml index a2a1c58..a29e978 100644 --- a/docs-xml/manpages-3/idmap_rid.8.xml +++ b/docs-xml/manpages-3/idmap_rid.8.xml @@ -106,9 +106,8 @@ security = domain workgroup = MAIN - idmap backend = tdb - idmap uid = 1000000-1999999 - idmap gid = 1000000-1999999 + idmap config * : backend = tdb + idmap config * : range = 1000000-1999999 idmap config MAIN : backend = rid idmap config MAIN : range = 10000 - 49999 diff --git a/docs-xml/manpages-3/idmap_tdb.8.xml b/docs-xml/manpages-3/idmap_tdb.8.xml index 06a2967..c67d6cb 100644 --- a/docs-xml/manpages-3/idmap_tdb.8.xml +++ b/docs-xml/manpages-3/idmap_tdb.8.xml @@ -27,25 +27,7 @@ <para> In contrast to read only backends like idmap_rid, it is an allocating backend: This means that it needs to allocate new user and group IDs in - order to create new mappings. The allocator can be provided by the - idmap_tdb backend itself or by any other allocating backend like - idmap_ldap or idmap_tdb2. This is configured with the - parameter <parameter>idmap alloc backend</parameter>. - </para> - - <para> - Note that in order for this (or any other allocating) backend to - function at all, the default backend needs to be writeable. - The ranges used for uid and gid allocation are the default ranges - configured by "idmap uid" and "idmap gid". - </para> - - <para> - Furthermore, since there is only one global allocating backend - responsible for all domains using writeable idmap backends, - any explicitly configured domain with idmap backend tdb - should have the same range as the default range, since it needs - to use the global uid / gid allocator. See the example below. + order to create new mappings. </para> </refsynopsisdiv> @@ -58,9 +40,6 @@ <listitem><para> Defines the available matching uid and gid range for which the backend is authoritative. - If the parameter is absent, Winbind fails over to use - the "idmap uid" and "idmap gid" options - from smb.conf. </para></listitem> </varlistentry> </variablelist> @@ -71,38 +50,14 @@ <para> This example shows how tdb is used as a the default idmap backend. - It configures the idmap range through the global options for all - domains encountered. This same range is used for uid/gid allocation. - </para> - - <programlisting> - [global] - # "idmap backend = tdb" is redundant here since it is the default - idmap backend = tdb - idmap uid = 1000000-2000000 - idmap gid = 1000000-2000000 - </programlisting> - - <para> - This (rather theoretical) example shows how tdb can be used as the - allocating backend while ldap is the default backend used to store - the mappings. - It adds an explicit configuration for some domain DOM1, that - uses the tdb idmap backend. Note that the same range as the - default uid/gid range is used, since the allocator has to serve - both the default backend and the explicitly configured domain DOM1. + This configured range is used for uid and gid allocation. </para> <programlisting> [global] - idmap backend = ldap - idmap uid = 1000000-2000000 - idmap gid = 1000000-2000000 - # use a different uid/gid allocator: - idmap alloc backend = tdb - - idmap config DOM1 : backend = tdb - idmap config DOM1 : range = 1000000-2000000 + # "backend = tdb" is redundant here since it is the default + idmap config * : backend = tdb + idmap config * : range = 1000000-2000000 </programlisting> </refsect1> diff --git a/docs-xml/manpages-3/idmap_tdb2.8.xml b/docs-xml/manpages-3/idmap_tdb2.8.xml index a5d1080..980ffe6 100644 --- a/docs-xml/manpages-3/idmap_tdb2.8.xml +++ b/docs-xml/manpages-3/idmap_tdb2.8.xml @@ -28,25 +28,7 @@ <para> In contrast to read only backends like idmap_rid, it is an allocating backend: This means that it needs to allocate new user and group IDs in - order to create new mappings. The allocator can be provided by the - idmap_tdb2 backend itself or by any other allocating backend like - idmap_tdb or idmap_ldap. This is configured with the - parameter <parameter>idmap alloc backend</parameter>. - </para> - - <para> - Note that in order for this (or any other allocating) backend to - function at all, the default backend needs to be writeable. - The ranges used for uid and gid allocation are the default ranges - configured by "idmap uid" and "idmap gid". - </para> - - <para> - Furthermore, since there is only one global allocating backend - responsible for all domains using writeable idmap backends, - any explicitly configured domain with idmap backend tdb2 - should have the same range as the default range, since it needs - to use the global uid / gid allocator. See the example below. + order to create new mappings. </para> </refsynopsisdiv> @@ -59,9 +41,6 @@ <listitem><para> Defines the available matching uid and gid range for which the backend is authoritative. - If the parameter is absent, Winbind fails over to use - the "idmap uid" and "idmap gid" options - from smb.conf. </para></listitem> </varlistentry> </variablelist> @@ -108,14 +87,13 @@ <para> This example shows how tdb2 is used as a the default idmap backend. It configures the idmap range through the global options for all - domains encountered. This same range is used for uid/gid allocation. + domains encountered. </para> <programlisting> [global] - idmap backend = tdb2 - idmap uid = 1000000-2000000 - idmap gid = 1000000-2000000 + idmap config * : backend = tdb2 + idmap config * : range = 1000000-2000000 </programlisting> </refsect1> diff --git a/docs-xml/manpages-3/wbinfo.1.xml b/docs-xml/manpages-3/wbinfo.1.xml index c1b2c1f..0701d08 100644 --- a/docs-xml/manpages-3/wbinfo.1.xml +++ b/docs-xml/manpages-3/wbinfo.1.xml @@ -423,7 +423,7 @@ <term>-U|--uid-to-sid <replaceable>uid</replaceable></term> <listitem><para>Try to convert a UNIX user id to a Windows NT SID. If the uid specified does not refer to one within - the idmap uid range then the operation will fail. </para></listitem> + the idmap range then the operation will fail. </para></listitem> </varlistentry> <varlistentry> diff --git a/docs-xml/manpages-3/winbindd.8.xml b/docs-xml/manpages-3/winbindd.8.xml index c9fd4d8..df44e44 100644 --- a/docs-xml/manpages-3/winbindd.8.xml +++ b/docs-xml/manpages-3/winbindd.8.xml @@ -45,10 +45,9 @@ <para>Even if winbind is not used for nsswitch, it still provides a service to <command>smbd</command>, <command>ntlm_auth</command> and the <command>pam_winbind.so</command> PAM module, by managing connections to - domain controllers. In this configuraiton the - <smbconfoption name="idmap uid"/> and - <smbconfoption name="idmap gid"/> - parameters are not required. (This is known as `netlogon proxy only mode'.)</para> + domain controllers. In this configuration the + <smbconfoption name="idmap config * : range"/> + parameter is not required. (This is known as `netlogon proxy only mode'.)</para> <para> The Name Service Switch allows user and system information to be obtained from different databases @@ -246,11 +245,9 @@ hosts: files wins <listitem><para> <smbconfoption name="winbind separator"/></para></listitem> <listitem><para> - <smbconfoption name="idmap uid"/></para></listitem> + <smbconfoption name="idmap config * : range"/></para></listitem> <listitem><para> - <smbconfoption name="idmap gid"/></para></listitem> - <listitem><para> - <smbconfoption name="idmap backend"/></para></listitem> + <smbconfoption name="idmap config * : backend"/></para></listitem> <listitem><para> <smbconfoption name="winbind cache time"/></para></listitem> <listitem><para> @@ -340,8 +337,7 @@ auth required /lib/security/pam_unix.so \ winbind cache time = 10 template shell = /bin/bash template homedir = /home/%D/%U - idmap uid = 10000-20000 - idmap gid = 10000-20000 + idmap config * : range = 10000-20000 workgroup = DOMAIN security = domain password server = * @@ -374,7 +370,7 @@ auth required /lib/security/pam_unix.so \ <para>If more than one UNIX machine is running <command>winbindd</command>, then in general the user and groups ids allocated by winbindd will not be the same. The user and group ids will only be valid for the local - machine, unless a shared <smbconfoption name="idmap backend"/> is configured.</para> + machine, unless a shared <smbconfoption name="idmap config * : backend"/> is configured.</para> <para>If the the Windows NT SID to UNIX user and group id mapping file is damaged or destroyed then the mappings will be lost. </para> diff --git a/docs-xml/smbdotconf/winbind/idmapallocconfig.xml b/docs-xml/smbdotconf/winbind/idmapallocconfig.xml deleted file mode 100644 index 0139041..0000000 --- a/docs-xml/smbdotconf/winbind/idmapallocconfig.xml +++ /dev/null @@ -1,14 +0,0 @@ -<samba:parameter name="idmap alloc config" - context="G" - type="string" - advanced="1" developer="1" hide="1" - xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> -<description> - <para> - The idmap alloc config prefix provides a means of managing settings -- Samba Shared Repository