idmap_ad(8)

1IDMAP_AD(8)                                                        IDMAP_AD(8)
2
3
4

NAME

6       idmap_ad - Samba's idmap_ad Backend for Winbind
7

DESCRIPTION

9       The idmap_ad plugin provides a way for Winbind to read id mappings from
10       an AD server that  uses  RFC2307/SFU  schema  extensions.  This  module
11       implements only the "idmap" API, and is READONLY. Mappings must be pro‐
12       vided in advance by the administrator by adding the posixAccount/posix‐
13       Group  classess  and  relative  attribute/value  pairs to the users and
14       groups objects in AD
15

IDMAP OPTIONS

17       range = low - high
18          Defines the available matching uid and gid range for which the back‐
19          end is authoritative. Note that the range acts as a filter. If spec‐
20          ified any UID or GID stored in AD that fall  outside  the  range  is
21          ignored  and the corresponding map is discarded. It is intended as a
22          way to avoid accidental UID/GID overlaps between local and  remotely
23          defined IDs.
24
25       schema_mode = <rfc2307 | sfu >
26          Defines  the  schema  that  idmap_ad should use when querying Active
27          Directory regarding user and group information. This can either  the
28          RFC2307  schema  support  included in Windows 2003 R2 or the Service
29          for Unix (SFU) schema.
30

EXAMPLES

32       The following example shows how to retrieve idmappings from our princi‐
33       pal and and trusted AD domains. All is needed is to set default to yes.
34       If trusted domains are present id conflicts must  be  resolved  before‐
35       hand,  there  is no guarantee on the order confliting mappings would be
36       resolved at this point. This example also shows how to  leave  a  small
37       non  conflicting  range  for  local  id  allocation that may be used in
38       internal backends like BULTIN.
39
40
41            [global]
42            idmap domains = ALLDOMAINS
43            idmap config ALLDOMAINS:backend      = ad
44            idmap config ALLDOMAINS:default      = yes
45            idmap config ALLDOMAINS:range        = 10000 - 300000000
46
47            idmap alloc backend = tdb
48            idmap alloc config:range        = 5000 - 9999
49
50

AUTHOR

52       The original Samba software  and  related  utilities  were  created  by
53       Andrew  Tridgell.  Samba  is now developed by the Samba Team as an Open
54       Source project similar to the way the Linux kernel is developed.
55
56
57
58
59                                                                   IDMAP_AD(8)