1IDMAP_ADEX(8) System Administration tools IDMAP_ADEX(8)
2
6 idmap_adex - Samba´s idmap_adex Backend for Winbind
7
9 The idmap_adex plugin provides a way for Winbind to read id mappings
10 from an AD server that uses RFC2307 schema extensions. This module
11 implements both the idmap and nss_info APIs and supports domain trustes
12 as well as two-way cross forest trusts. It is a read-only plugin
13 requiring that the administrator provide mappings in advance by adding
14 the POSIX attribute information to the users and groups objects in AD.
15 The most common means of doing this is using "Identity Services for
16 Unix" support on Windows 2003 R2 and later.
17 Note that you must add the uidNumber, gidNumber, and uid attributes to
19 the partial attribute set of the forest global catalog servers. This
20 can be done using the Active Directory Schema Management MMC plugin
21 (schmmgmt.dll).
22
24 The nss_info plugin supports reading the unixHomeDirectory, gidNumber,
25 loginShell, and uidNumber attributes from the user object and the
26 gidNumber attribute from the group object to fill in information
27 required by the libc getpwnam() and getgrnam() family of functions.
28 Group membership is filled in according to the Windows group membership
29 and not the msSFU30PosixMember attribute.
30 Username aliases are implement by setting the uid attribute on the user
32 object. While group name aliases are implemented by reading the
33 displayname attribute from the group object.
34
36 The following example shows how to retrieve idmappings and NSS data
37 from our principal and trusted AD domains.
38 [global]
40 idmap backend = adex
41 idmap uid = 1000-4000000000
42 idmap gid = 1000-4000000000
43 winbind nss info = adex
45 winbind normalize names = yes
46
49 The original Samba software and related utilities were created by
50 Andrew Tridgell. Samba is now developed by the Samba Team as an Open
51 Source project similar to the way the Linux kernel is developed.
52Samba 3.5 08/02/2011 IDMAP_ADEX(8)