This document is a Mac OS X manual page. Manual pages are a command-line technology for providing documentation. You can view these manual pages locally using the man(1) command. These manual pages come from many different sources, and thus, have a variety of writing styles.

For more information about the manual page format, see the manual page for manpages(5).

IDMAP_AD(8)                                                                                      IDMAP_AD(8)



NAME
       idmap_ad - Samba's idmap_ad Backend for Winbind

DESCRIPTION
       The  idmap_ad  plugin  provides  a  way  for  Winbind to read id mappings from an AD server that uses
       RFC2307/SFU schema extensions. This module implements only the "idmap" API, and is READONLY. Mappings
       must  be  provided in advance by the administrator by adding the posixAccount/posixGroup classess and
       relative attribute/value pairs to the users and groups objects in AD

IDMAP OPTIONS
       range = low - high
          Defines the available matching uid and gid range for which the backend is authoritative. Note that
          the  range  acts as a filter. If specified any UID or GID stored in AD that fall outside the range
          is ignored and the corresponding map is discarded. It is intended as a  way  to  avoid  accidental
          UID/GID overlaps between local and remotely defined IDs.

       schema_mode = <rfc2307 | sfu >
          Defines  the  schema  that  idmap_ad  should use when querying Active Directory regarding user and
          group information. This can either the RFC2307 schema support included in Windows 2003 R2  or  the
          Service for Unix (SFU) schema.

EXAMPLES
       The following example shows how to retrieve idmappings from our principal and and trusted AD domains.
       All is needed is to set default to yes. If trusted domains are present id conflicts must be  resolved
       beforehand,  there  is no guarantee on the order confliting mappings would be resolved at this point.
       This example also shows how to leave a small non conflicting range for local id allocation  that  may
       be used in internal backends like BULTIN.


            [global]
            idmap domains = ALLDOMAINS
            idmap config ALLDOMAINS:backend      = ad
            idmap config ALLDOMAINS:default      = yes
            idmap config ALLDOMAINS:range        = 10000 - 300000000

            idmap alloc backend = tdb
            idmap alloc config:range        = 5000 - 9999


AUTHOR
       The  original  Samba  software  and  related  utilities were created by Andrew Tridgell. Samba is now
       developed by the Samba Team as an Open Source project similar to the way the Linux kernel  is  devel-oped. developed.
       oped.




                                                                                                 IDMAP_AD(8)