summaryrefslogtreecommitdiffstats
path: root/docs-xml/manpages/idmap_ldap.8.xml
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--docs-xml/manpages/idmap_ldap.8.xml145
1 files changed, 145 insertions, 0 deletions
diff --git a/docs-xml/manpages/idmap_ldap.8.xml b/docs-xml/manpages/idmap_ldap.8.xml
new file mode 100644
index 0000000..80f272d
--- /dev/null
+++ b/docs-xml/manpages/idmap_ldap.8.xml
@@ -0,0 +1,145 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
+<refentry id="idmap_ldap.8">
+
+<refmeta>
+ <refentrytitle>idmap_ldap</refentrytitle>
+ <manvolnum>8</manvolnum>
+ <refmiscinfo class="source">Samba</refmiscinfo>
+ <refmiscinfo class="manual">System Administration tools</refmiscinfo>
+ <refmiscinfo class="version">&doc.version;</refmiscinfo>
+</refmeta>
+
+
+<refnamediv>
+ <refname>idmap_ldap</refname>
+ <refpurpose>Samba's idmap_ldap Backend for Winbind</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+ <title>DESCRIPTION</title>
+
+ <para>The idmap_ldap plugin provides a means for Winbind to
+ store and retrieve SID/uid/gid mapping tables in an LDAP directory
+ service.
+ </para>
+
+ <para>
+ In contrast to read only backends like idmap_rid, it is an allocating
+ backend: This means that it needs to allocate new user and group IDs in
+ order to create new mappings.
+ </para>
+
+</refsynopsisdiv>
+
+<refsect1>
+ <title>IDMAP OPTIONS</title>
+
+ <variablelist>
+ <varlistentry>
+ <term>ldap_base_dn = DN</term>
+ <listitem><para>
+ Defines the directory base suffix to use for
+ SID/uid/gid mapping entries. If not defined, idmap_ldap will default
+ to using the &quot;ldap idmap suffix&quot; option from &smb.conf;.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>ldap_user_dn = DN</term>
+ <listitem><para>
+ Defines the user DN to be used for authentication.
+ The secret for authenticating this user should be
+ stored with net idmap secret
+ (see <citerefentry><refentrytitle>net</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry>).
+ If absent, the ldap credentials from the ldap passdb configuration
+ are used, and if these are also absent, an anonymous
+ bind will be performed as last fallback.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>ldap_url = ldap://server/</term>
+ <listitem><para>
+ Specifies the LDAP server to use for
+ SID/uid/gid map entries. If not defined, idmap_ldap will
+ assume that ldap://localhost/ should be used.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>range = low - high</term>
+ <listitem><para>
+ Defines the available matching uid and gid range for which the
+ backend is authoritative.
+ </para></listitem>
+ </varlistentry>
+ </variablelist>
+</refsect1>
+
+<refsect1>
+ <title>EXAMPLES</title>
+
+ <para>
+ The following example shows how an ldap directory is used as the
+ default idmap backend. It also configures the idmap range and base
+ directory suffix. The secret for the ldap_user_dn has to be set with
+ &quot;net idmap secret '*' password&quot;.
+ </para>
+
+ <programlisting>
+ [global]
+ idmap config * : backend = ldap
+ idmap config * : range = 1000000-1999999
+ idmap config * : ldap_url = ldap://localhost/
+ idmap config * : ldap_base_dn = ou=idmap,dc=example,dc=com
+ idmap config * : ldap_user_dn = cn=idmap_admin,dc=example,dc=com
+ </programlisting>
+
+ <para>
+ This example shows how ldap can be used as a readonly backend while
+ tdb is the default backend used to store the mappings.
+ It adds an explicit configuration for some domain DOM1, that
+ uses the ldap idmap backend. Note that a range disjoint from the
+ default range is used.
+ </para>
+
+ <programlisting>
+ [global]
+ # "backend = tdb" is redundant here since it is the default
+ idmap config * : backend = tdb
+ idmap config * : range = 1000000-1999999
+
+ idmap config DOM1 : backend = ldap
+ idmap config DOM1 : range = 2000000-2999999
+ idmap config DOM1 : read only = yes
+ idmap config DOM1 : ldap_url = ldap://server/
+ idmap config DOM1 : ldap_base_dn = ou=idmap,dc=dom1,dc=example,dc=com
+ idmap config DOM1 : ldap_user_dn = cn=idmap_admin,dc=dom1,dc=example,dc=com
+ </programlisting>
+</refsect1>
+
+<refsynopsisdiv>
+ <title>NOTE</title>
+
+ <para>In order to use authentication against ldap servers you may
+ need to provide a DN and a password. To avoid exposing the password
+ in plain text in the configuration file we store it into a security
+ store. The &quot;net idmap &quot; command is used to store a secret
+ for the DN specified in a specific idmap domain.
+ </para>
+</refsynopsisdiv>
+
+<refsect1>
+ <title>AUTHOR</title>
+
+ <para>
+ The original Samba software and related utilities
+ were created by Andrew Tridgell. Samba is now developed
+ by the Samba Team as an Open Source project similar
+ to the way the Linux kernel is developed.
+ </para>
+</refsect1>
+
+</refentry>