Diffstat (limited to '')
-rw-r--r-- upstream/archlinux/man8/idmap_ldap.8 | 107
1 files changed, 107 insertions, 0 deletions
diff --git a/upstream/archlinux/man8/idmap_ldap.8 b/upstream/archlinux/man8/idmap_ldap.8
new file mode 100644
index 00000000..dac74f59
--- /dev/null
+++ b/upstream/archlinux/man8/idmap_ldap.8
@@ -0,0 +1,107 @@
+'\" t
+.\" Title: idmap_ldap
+.\" Author: [see the "AUTHOR" section]
+.\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
+.\" Date: 02/19/2024
+.\" Manual: System Administration tools
+.\" Source: Samba 4.19.5
+.\" Language: English
+.\"
+.TH "IDMAP_LDAP" "8" "02/19/2024" "Samba 4\&.19\&.5" "System Administration tools"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+idmap_ldap \- Samba\*(Aqs idmap_ldap Backend for Winbind
+.SH "DESCRIPTION"
+.PP
+The idmap_ldap plugin provides a means for Winbind to store and retrieve SID/uid/gid mapping tables in an LDAP directory service\&.
+.PP
+In contrast to read only backends like idmap_rid, it is an allocating backend: This means that it needs to allocate new user and group IDs in order to create new mappings\&.
+.SH "IDMAP OPTIONS"
+.PP
+ldap_base_dn = DN
+.RS 4
+Defines the directory base suffix to use for SID/uid/gid mapping entries\&. If not defined, idmap_ldap will default to using the "ldap idmap suffix" option from
+/etc/samba/smb\&.conf\&.
+.RE
+.PP
+ldap_user_dn = DN
+.RS 4
+Defines the user DN to be used for authentication\&. The secret for authenticating this user should be stored with net idmap secret (see
+\fBnet\fR(8))\&. If absent, the ldap credentials from the ldap passdb configuration are used, and if these are also absent, an anonymous bind will be performed as last fallback\&.
+.RE
+.PP
+ldap_url = ldap://server/
+.RS 4
+Specifies the LDAP server to use for SID/uid/gid map entries\&. If not defined, idmap_ldap will assume that ldap://localhost/ should be used\&.
+.RE
+.PP
+range = low \- high
+.RS 4
+Defines the available matching uid and gid range for which the backend is authoritative\&.
+.RE
+.SH "EXAMPLES"
+.PP
+The following example shows how an ldap directory is used as the default idmap backend\&. It also configures the idmap range and base directory suffix\&. The secret for the ldap_user_dn has to be set with "net idmap secret \*(Aq*\*(Aq password"\&.
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+ [global]
+ idmap config * : backend = ldap
+ idmap config * : range = 1000000\-1999999
+ idmap config * : ldap_url = ldap://localhost/
+ idmap config * : ldap_base_dn = ou=idmap,dc=example,dc=com
+ idmap config * : ldap_user_dn = cn=idmap_admin,dc=example,dc=com
+
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+This example shows how ldap can be used as a readonly backend while tdb is the default backend used to store the mappings\&. It adds an explicit configuration for some domain DOM1, that uses the ldap idmap backend\&. Note that a range disjoint from the default range is used\&.
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+ [global]
+ # "backend = tdb" is redundant here since it is the default
+ idmap config * : backend = tdb
+ idmap config * : range = 1000000\-1999999
+
+ idmap config DOM1 : backend = ldap
+ idmap config DOM1 : range = 2000000\-2999999
+ idmap config DOM1 : read only = yes
+ idmap config DOM1 : ldap_url = ldap://server/
+ idmap config DOM1 : ldap_base_dn = ou=idmap,dc=dom1,dc=example,dc=com
+ idmap config DOM1 : ldap_user_dn = cn=idmap_admin,dc=dom1,dc=example,dc=com
+
+.fi
+.if n \{\
+.RE
+.\}
+.SH "NOTE"
+.PP
+In order to use authentication against ldap servers you may need to provide a DN and a password\&. To avoid exposing the password in plain text in the configuration file we store it into a security store\&. The "net idmap " command is used to store a secret for the DN specified in a specific idmap domain\&.
+.SH "AUTHOR"
+.PP
+The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
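Review bot: The NOTE section cuts the command off as `"net idmap "`, while the ldap_user_dn entry and the EXAMPLES text both name `net idmap secret`; the NOTE should spell out `net idmap secret` so the three places agree. The second example sets `idmap config DOM1 : read only = yes`, but IDMAP OPTIONS has no entry for `read only`, and DESCRIPTION calls this an allocating backend without saying what changes when it is read only, so that parameter needs its own entry. The ldap_user_dn entry also documents a silent fallback to an anonymous bind, and both examples pair a bind DN with a plain `ldap://` URL; a sentence on how the bind is expected to be protected in transit, and on how an administrator can tell that the anonymous fallback was taken, would close that gap.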