The branch, master has been updated
via 84f2b2d731fb7d97c98414196bf96ee94ea88bb3 (commit)
via 7c5621b6e09d9ae3fe936a86e46d1b0f35906e6d (commit)
via 32be66b19da07983670002d1b2b5bc80cf0c8d16 (commit)
from 55dfad40af52235a59e44dbe6434713e7a810bf2 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 84f2b2d731fb7d97c98414196bf96ee94ea88bb3
Author: Michael Adam <[email protected]>
Date: Wed Jan 21 00:56:03 2009 +0100
s3:docs: add a manpage for idmap_tdb2
Michael
commit 7c5621b6e09d9ae3fe936a86e46d1b0f35906e6d
Author: Michael Adam <[email protected]>
Date: Wed Jan 21 00:13:29 2009 +0100
s3:docs: update the idmap_ldap manpage to reflect current facts.
Michael
commit 32be66b19da07983670002d1b2b5bc80cf0c8d16
Author: Michael Adam <[email protected]>
Date: Wed Jan 21 00:06:10 2009 +0100
s3:docs: update the idmap_tdb manpage to reflect current facts.
Michael
-----------------------------------------------------------------------
Summary of changes:
docs-xml/manpages-3/idmap_ldap.8.xml | 30 ++++++--
docs-xml/manpages-3/idmap_tdb.8.xml | 81 ++++++++++++++++-----
docs-xml/manpages-3/idmap_tdb2.8.xml | 132 ++++++++++++++++++++++++++++++++++
3 files changed, 216 insertions(+), 27 deletions(-)
create mode 100644 docs-xml/manpages-3/idmap_tdb2.8.xml
Changeset truncated at 500 lines:
diff --git a/docs-xml/manpages-3/idmap_ldap.8.xml
b/docs-xml/manpages-3/idmap_ldap.8.xml
index c09c141..ea9e5bf 100644
--- a/docs-xml/manpages-3/idmap_ldap.8.xml
+++ b/docs-xml/manpages-3/idmap_ldap.8.xml
@@ -21,8 +21,25 @@
<para>The idmap_ldap plugin provides a means for Winbind to
store and retrieve SID/uid/gid mapping tables in an LDAP directory
- service. The module implements both the "idmap" and
- "idmap alloc" APIs.
+ service.
+ In contrast to read only backends like idmap_rid, it is an allocating
+ backend: This means that it needs to allocate new user and group IDs to
+ create new mappings as requests to yet unmapped users are answered.
+ </para>
+
+ <para>
+ Note that in order for this (or any other allocating) backend to
+ function at all, the default backend needs to be writeable.
+ The ranges used for uid and gid allocation are the default ranges
+ configured by "idmap uid" and "idmap gid".
+ </para>
+
+ <para>
+ Furthermore, since there is only one global allocating backend
+ responsible for all domains using writeable idmap backends,
+ any explicitly configured domain with idmap backend ldap
+ should have the same range as the default range, since it needs
+ to use the global uid / gid allocator. See the example below.
</para>
</refsynopsisdiv>
@@ -60,11 +77,10 @@
<term>range = low - high</term>
<listitem><para>
Defines the available matching uid and gid range for
which the
- backend is authoritative. Note that the range commonly
matches
- the allocation range due to the fact that the same
backend will
- store and retrieve SID/uid/gid mapping entries. If the
parameter
- is absent, Winbind fail over to use the "idmap
uid" and
- "idmap gid" options from smb.conf.
+ backend is authoritative.
+ If the parameter is absent, Winbind fails over to use
the
+ "idmap uid" and "idmap gid" options
+ from smb.conf.
</para></listitem>
</varlistentry>
</variablelist>
diff --git a/docs-xml/manpages-3/idmap_tdb.8.xml
b/docs-xml/manpages-3/idmap_tdb.8.xml
index 4258d95..fb23076 100644
--- a/docs-xml/manpages-3/idmap_tdb.8.xml
+++ b/docs-xml/manpages-3/idmap_tdb.8.xml
@@ -19,9 +19,27 @@
<refsynopsisdiv>
<title>DESCRIPTION</title>
- <para>The idmap_tdb plugin is the default backend used by winbindd
- for storing SID/uid/gid mapping tables and implements
- both the "idmap" and "idmap alloc" APIs.
+ <para>
+ The idmap_tdb plugin is the default backend used by winbindd
+ for storing SID/uid/gid mapping tables. In contrast to read only
+ backends like idmap_rid, it is an allocating backend:
+ This means that it needs to allocate new user and group IDs
+ to create new mappings as requests to yet unmapped users are answered.
+ </para>
+
+ <para>
+ Note that in order for this (or any other allocating) backend to
+ function at all, the default backend needs to be writeable.
+ The ranges used for uid and gid allocation are the default ranges
+ configured by "idmap uid" and "idmap gid".
+ </para>
+
+ <para>
+ Furthermore, since there is only one global allocating backend
+ responsible for all domains using writeable idmap backends,
+ any explicitly configured domain with idmap backend tdb
+ should have the same range as the default range, since it needs
+ to use the global uid / gid allocator. See the example below.
</para>
</refsynopsisdiv>
@@ -33,30 +51,53 @@
<term>range = low - high</term>
<listitem><para>
Defines the available matching uid and gid range for
which the
- backend is authoritative. Note that the range commonly
matches
- the allocation range due to the fact that the same
backend will
- store and retrieve SID/uid/gid mapping entries. If the
parameter
- is absent, Winbind fail over to use the "idmap
uid" and
- "idmap gid" options from smb.conf.
+ backend is authoritative.
+ If the parameter is absent, Winbind fails over to use
+ the "idmap uid" and "idmap gid"
options
+ from smb.conf.
</para></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
- <title>IDMAP ALLOC OPTIONS</title>
+ <title>EXAMPLES</title>
- <variablelist>
- <varlistentry>
- <term>range = low - high</term>
- <listitem><para>
- Defines the available matching uid and gid range from
which
- winbindd can allocate for users and groups. If the
parameter
- is absent, Winbind fail over to use the "idmap
uid"
- and "idmap gid" options from smb.conf.
- </para></listitem>
- </varlistentry>
- </variablelist>
+ <para>
+ This example shows how tdb is used as a the default idmap backend.
+ It configures the idmap range through the global options for all
+ domains encountered. This same range is used for uid/gid allocation.
+ </para>
+
+ <programlisting>
+ [global]
+ # "idmap backend = tdb" is redundant here since it is the default
+ idmap backend = tdb
+ idmap uid = 1000000-2000000
+ idmap gid = 1000000-2000000
+ </programlisting>
+
+ <para>
+ This (rather theoretical) example shows how tdb can be used as the
+ allocating backend while ldap is the default backend used to store
+ the mappings.
+ It adds an explicit configuration for some domain DOM1, that
+ uses the tdb idmap backend. Note that the same range as the
+ default uid/gid range is used, since the allocator has to serve
+ both the default backend and the explicitly configured domain DOM1.
+ </para>
+
+ <programlisting>
+ [global]
+ idmap backend = ldap
+ idmap uid = 1000000-2000000
+ idmap gid = 1000000-2000000
+ # use a different uid/gid allocator:
+ idmap alloc backend = tdb
+
+ idmap config DOM1 : backend = tdb
+ idmap config DOM1 : range = 1000000-2000000
+ </programlisting>
</refsect1>
<refsect1>
diff --git a/docs-xml/manpages-3/idmap_tdb2.8.xml
b/docs-xml/manpages-3/idmap_tdb2.8.xml
new file mode 100644
index 0000000..6b303b4
--- /dev/null
+++ b/docs-xml/manpages-3/idmap_tdb2.8.xml
@@ -0,0 +1,132 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant
V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc";>
+<refentry id="idmap_tdb2.8">
+
+<refmeta>
+ <refentrytitle>idmap_tdb2</refentrytitle>
+ <manvolnum>8</manvolnum>
+ <refmiscinfo class="source">Samba</refmiscinfo>
+ <refmiscinfo class="manual">System Administration tools</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
+</refmeta>
+
+
+<refnamediv>
+ <refname>idmap_tdb2</refname>
+ <refpurpose>Samba's idmap_tdb2 Backend for Winbind</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+ <title>DESCRIPTION</title>
+
+ <para>
+ The idmap_tdb2 plugin is a substitute for the default idmap_tdb
+ backend used by winbindd for storing SID/uid/gid mapping tables
+ in clustered environments with Samba and CTDB.
+ </para>
+
+ <para>
+ In contrast to read only
+ backends like idmap_rid, it is an allocating backend:
+ This means that it needs to allocate new user and group IDs
+ to create new mappings as requests to yet unmapped users are answered.
+ </para>
+
+ <para>
+ Note that in order for this (or any other allocating) backend to
+ function at all, the default backend needs to be writeable.
+ The ranges used for uid and gid allocation are the default ranges
+ configured by "idmap uid" and "idmap gid".
+ </para>
+
+ <para>
+ Furthermore, since there is only one global allocating backend
+ responsible for all domains using writeable idmap backends,
+ any explicitly configured domain with idmap backend tdb2
+ should have the same range as the default range, since it needs
+ to use the global uid / gid allocator. See the example below.
+ </para>
+</refsynopsisdiv>
+
+<refsect1>
+ <title>IDMAP OPTIONS</title>
+
+ <variablelist>
+ <varlistentry>
+ <term>range = low - high</term>
+ <listitem><para>
+ Defines the available matching uid and gid range for
which the
+ backend is authoritative.
+ If the parameter is absent, Winbind fails over to use
+ the "idmap uid" and "idmap gid"
options
+ from smb.conf.
+ </para></listitem>
+ </varlistentry>
+ </variablelist>
+</refsect1>
+
+<refsect1>
+ <title>IDMAP SCRIPT</title>
+
+ <para>
+ The tdb2 idmap backend supports a script for performing id mappings
+ through the smb.conf option <parameter>idmap : script</parameter>.
+ The script should accept the following command line options.
+ </para>
+
+ <programlisting>
+ SIDTOID S-1-xxxx
+ IDTOSID UID xxxx
+ IDTOSID GID xxxx
+ </programlisting>
+
+ <para>
+ And it should return one of the following responses as a single line of
+ text.
+ </para>
+
+ <programlisting>
+ UID:yyyy
+ GID:yyyy
+ SID:yyyy
+ ERR:yyyy
+ </programlisting>
+
+ <para>
+ Note that the script should cover the complete range of SIDs
+ that can be passed in for SID to Unix ID mapping, since otherwise
+ SIDs unmapped by the script might get mapped to IDs that had
+ previously been mapped by the script.
+ </para>
+</refsect1>
+
+<refsect1>
+ <title>EXAMPLES</title>
+
+ <para>
+ This example shows how tdb2 is used as a the default idmap backend.
+ It configures the idmap range through the global options for all
+ domains encountered. This same range is used for uid/gid allocation.
+ </para>
+
+ <programlisting>
+ [global]
+ # "idmap backend = tdb2" is redundant here since it is the default
+ idmap backend = tdb2
+ idmap uid = 1000000-2000000
+ idmap gid = 1000000-2000000
+ </programlisting>
+</refsect1>
+
+<refsect1>
+ <title>AUTHOR</title>
+
+ <para>
+ The original Samba software and related utilities
+ were created by Andrew Tridgell. Samba is now developed
+ by the Samba Team as an Open Source project similar
+ to the way the Linux kernel is developed.
+ </para>
+</refsect1>
+
+</refentry>
--
Samba Shared Repository
