1 files changed, 78 insertions, 0 deletions

diff --git a/src/man/idmap_sss.8.xml b/src/man/idmap_sss.8.xml
new file mode 100644
index 0000000..a316c32
--- /dev/null
+++ b/src/man/idmap_sss.8.xml
@@ -0,0 +1,78 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE reference PUBLIC "-//OASIS//DTD DocBook V4.4//EN"
+"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
+<reference>
+<title>SSSD Manual pages</title>
+<refentry>
+    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/upstream.xml" />
+
+    <refmeta>
+        <refentrytitle>idmap_sss</refentrytitle>
+        <manvolnum>8</manvolnum>
+    </refmeta>
+
+    <refnamediv id='name'>
+        <refname>idmap_sss</refname>
+        <refpurpose>SSSD's idmap_sss Backend for Winbind</refpurpose>
+    </refnamediv>
+
+    <refsect1 id='description'>
+        <title>DESCRIPTION</title>
+        <para>
+            The idmap_sss module provides a way to call SSSD to map UIDs/GIDs
+            and SIDs. No database is required in this case as the mapping is
+            done by SSSD.
+        </para>
+    </refsect1>
+
+    <refsect1>
+        <title>IDMAP OPTIONS</title>
+
+        <variablelist>
+            <varlistentry>
+                <term>range = low - high</term>
+                <listitem><para>
+                  Defines the available matching UID and GID range for which the
+                  backend is authoritative.
+                </para></listitem>
+            </varlistentry>
+        </variablelist>
+    </refsect1>
+
+    <refsect1>
+        <title>EXAMPLES</title>
+        <para>
+            This example shows how to configure idmap_sss as the default mapping
+            module.
+        </para>
+
+        <programlisting format="linespecific">
+[global]
+security = ads
+workgroup = &lt;AD-DOMAIN-SHORTNAME&gt;
+
+idmap config &lt;AD-DOMAIN-SHORTNAME&gt; : backend        = sss
+idmap config &lt;AD-DOMAIN-SHORTNAME&gt; : range          = 200000-2147483647
+
+idmap config * : backend        = tdb
+idmap config * : range          = 100000-199999
+        </programlisting>
+
+        <para>
+            Please replace &lt;AD-DOMAIN-SHORTNAME&gt; with the NetBIOS domain
+            name of the AD domain. If multiple AD domains should be used each
+            domain needs an <literal>idmap config</literal> line with
+            <literal>backend = sss</literal> and a line with a suitable
+            <literal>range</literal>.
+        </para>
+        <para>
+            Since Winbind requires a writeable default backend and idmap_sss is
+            read-only the example includes <literal>backend = tdb</literal> as
+            default.
+        </para>
+    </refsect1>
+
+    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/seealso.xml" />
+
+</refentry>
+</reference>