The branch, v3-3-test has been updated
via 0b1036d5d6e06e2fa14dab163d51a902ca63fc0a (commit)
via 83a03a3ced255f0a64935fe788ac3b0ddf669ca5 (commit)
via 73a835335e329f0aaa0b72ebfd538b8c2b813812 (commit)
via ea5be10d0656d4f7edec43a4cb926573050823aa (commit)
via c52948a2b019bb1620ffa69605673d88bfa34bb4 (commit)
via 1bbc5f228b8b73a623f7afc5eb79c08757366029 (commit)
via 4145a1de91a18ea9a09b3088f0e5cd054875760b (commit)
from ba941074ce20617856c138eff5762646384d37de (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test
- Log -----------------------------------------------------------------
commit 0b1036d5d6e06e2fa14dab163d51a902ca63fc0a
Author: Michael Adam <ob...@samba.org>
Date: Wed Jan 21 10:56:34 2009 +0100
s3:docs: clarify explanation of the allocator in the idmap_ldap manpage
Michael
(cherry picked from commit 816934faa8bbe53dd299bc5e39f471eafdddefa8)
Signed-off-by: Michael Adam <ob...@samba.org>
commit 83a03a3ced255f0a64935fe788ac3b0ddf669ca5
Author: Michael Adam <ob...@samba.org>
Date: Wed Jan 21 10:55:19 2009 +0100
s3:docs: clarify explanation of the allocator in the idmap_tdb manpage
Michael
(cherry picked from commit 665b5dc70333ca36129a6fe06645bd9faa4f2350)
Signed-off-by: Michael Adam <ob...@samba.org>
commit 73a835335e329f0aaa0b72ebfd538b8c2b813812
Author: Michael Adam <ob...@samba.org>
Date: Wed Jan 21 10:49:48 2009 +0100
s3:docs: clarify explanation of allocator in the idmap_tdb2 manpage
Michael
(cherry picked from commit 65b79200e46751278c125ad260d899d10d6466a2)
Signed-off-by: Michael Adam <ob...@samba.org>
commit ea5be10d0656d4f7edec43a4cb926573050823aa
Author: Michael Adam <ob...@samba.org>
Date: Wed Jan 21 10:38:49 2009 +0100
s3:docs: fix copy and paste error in the idmap_tdb2 manpage
Michael
(cherry picked from commit bd252ad665547d2ad012725ccb18720e160d221f)
Signed-off-by: Michael Adam <ob...@samba.org>
commit c52948a2b019bb1620ffa69605673d88bfa34bb4
Author: Michael Adam <ob...@samba.org>
Date: Wed Jan 21 00:56:03 2009 +0100
s3:docs: add a manpage for idmap_tdb2
Michael
(cherry picked from commit 84f2b2d731fb7d97c98414196bf96ee94ea88bb3)
Signed-off-by: Michael Adam <ob...@samba.org>
commit 1bbc5f228b8b73a623f7afc5eb79c08757366029
Author: Michael Adam <ob...@samba.org>
Date: Wed Jan 21 00:13:29 2009 +0100
s3:docs: update the idmap_ldap manpage to reflect current facts.
Michael
(cherry picked from commit 7c5621b6e09d9ae3fe936a86e46d1b0f35906e6d)
Signed-off-by: Michael Adam <ob...@samba.org>
commit 4145a1de91a18ea9a09b3088f0e5cd054875760b
Author: Michael Adam <ob...@samba.org>
Date: Wed Jan 21 00:06:10 2009 +0100
s3:docs: update the idmap_tdb manpage to reflect current facts.
Michael
(cherry picked from commit 32be66b19da07983670002d1b2b5bc80cf0c8d16)
Signed-off-by: Michael Adam <ob...@samba.org>
-----------------------------------------------------------------------
Summary of changes:
docs-xml/manpages-3/idmap_ldap.8.xml | 36 ++++++++--
docs-xml/manpages-3/idmap_tdb.8.xml | 87 +++++++++++++++++-----
docs-xml/manpages-3/idmap_tdb2.8.xml | 133 ++++++++++++++++++++++++++++++++++
3 files changed, 229 insertions(+), 27 deletions(-)
create mode 100644 docs-xml/manpages-3/idmap_tdb2.8.xml
Changeset truncated at 500 lines:
diff --git a/docs-xml/manpages-3/idmap_ldap.8.xml
b/docs-xml/manpages-3/idmap_ldap.8.xml
index 5bd65aa..603f800 100644
--- a/docs-xml/manpages-3/idmap_ldap.8.xml
+++ b/docs-xml/manpages-3/idmap_ldap.8.xml
@@ -21,8 +21,31 @@
<para>The idmap_ldap plugin provides a means for Winbind to
store and retrieve SID/uid/gid mapping tables in an LDAP directory
- service. The module implements both the "idmap" and
- "idmap alloc" APIs.
+ service.
+ </para>
+
+ <para>
+ In contrast to read only backends like idmap_rid, it is an allocating
+ backend: This means that it needs to allocate new user and group IDs in
+ order to create new mappings. The allocator can be provided by the
+ idmap_ldap backend itself or by any other allocating backend like
+ idmap_tdb or idmap_tdb2. This is configured with the
+ parameter <parameter>idmap alloc backend</parameter>.
+ </para>
+
+ <para>
+ Note that in order for this (or any other allocating) backend to
+ function at all, the default backend needs to be writeable.
+ The ranges used for uid and gid allocation are the default ranges
+ configured by "idmap uid" and "idmap gid".
+ </para>
+
+ <para>
+ Furthermore, since there is only one global allocating backend
+ responsible for all domains using writeable idmap backends,
+ any explicitly configured domain with idmap backend ldap
+ should have the same range as the default range, since it needs
+ to use the global uid / gid allocator. See the example below.
</para>
</refsynopsisdiv>
@@ -60,11 +83,10 @@
<term>range = low - high</term>
<listitem><para>
Defines the available matching uid and gid range for
which the
- backend is authoritative. Note that the range commonly
matches
- the allocation range due to the fact that the same
backend will
- store and retrieve SID/uid/gid mapping entries. If the
parameter
- is absent, Winbind fail over to use the "idmap
uid" and
- "idmap gid" options from smb.conf.
+ backend is authoritative.
+ If the parameter is absent, Winbind fails over to use
the
+ "idmap uid" and "idmap gid" options
+ from smb.conf.
</para></listitem>
</varlistentry>
</variablelist>
diff --git a/docs-xml/manpages-3/idmap_tdb.8.xml
b/docs-xml/manpages-3/idmap_tdb.8.xml
index e535bf0..9c44f1a 100644
--- a/docs-xml/manpages-3/idmap_tdb.8.xml
+++ b/docs-xml/manpages-3/idmap_tdb.8.xml
@@ -19,9 +19,33 @@
<refsynopsisdiv>
<title>DESCRIPTION</title>
- <para>The idmap_tdb plugin is the default backend used by winbindd
- for storing SID/uid/gid mapping tables and implements
- both the "idmap" and "idmap alloc" APIs.
+ <para>
+ The idmap_tdb plugin is the default backend used by winbindd
+ for storing SID/uid/gid mapping tables.
+ </para>
+
+ <para>
+ In contrast to read only backends like idmap_rid, it is an allocating
+ backend: This means that it needs to allocate new user and group IDs in
+ order to create new mappings. The allocator can be provided by the
+ idmap_tdb backend itself or by any other allocating backend like
+ idmap_ldap or idmap_tdb2. This is configured with the
+ parameter <parameter>idmap alloc backend</parameter>.
+ </para>
+
+ <para>
+ Note that in order for this (or any other allocating) backend to
+ function at all, the default backend needs to be writeable.
+ The ranges used for uid and gid allocation are the default ranges
+ configured by "idmap uid" and "idmap gid".
+ </para>
+
+ <para>
+ Furthermore, since there is only one global allocating backend
+ responsible for all domains using writeable idmap backends,
+ any explicitly configured domain with idmap backend tdb
+ should have the same range as the default range, since it needs
+ to use the global uid / gid allocator. See the example below.
</para>
</refsynopsisdiv>
@@ -33,30 +57,53 @@
<term>range = low - high</term>
<listitem><para>
Defines the available matching uid and gid range for
which the
- backend is authoritative. Note that the range commonly
matches
- the allocation range due to the fact that the same
backend will
- store and retrieve SID/uid/gid mapping entries. If the
parameter
- is absent, Winbind fail over to use the "idmap
uid" and
- "idmap gid" options from smb.conf.
+ backend is authoritative.
+ If the parameter is absent, Winbind fails over to use
+ the "idmap uid" and "idmap gid"
options
+ from smb.conf.
</para></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
- <title>IDMAP ALLOC OPTIONS</title>
+ <title>EXAMPLES</title>
- <variablelist>
- <varlistentry>
- <term>range = low - high</term>
- <listitem><para>
- Defines the available matching uid and gid range from
which
- winbindd can allocate for users and groups. If the
parameter
- is absent, Winbind fail over to use the "idmap
uid"
- and "idmap gid" options from smb.conf.
- </para></listitem>
- </varlistentry>
- </variablelist>
+ <para>
+ This example shows how tdb is used as a the default idmap backend.
+ It configures the idmap range through the global options for all
+ domains encountered. This same range is used for uid/gid allocation.
+ </para>
+
+ <programlisting>
+ [global]
+ # "idmap backend = tdb" is redundant here since it is the default
+ idmap backend = tdb
+ idmap uid = 1000000-2000000
+ idmap gid = 1000000-2000000
+ </programlisting>
+
+ <para>
+ This (rather theoretical) example shows how tdb can be used as the
+ allocating backend while ldap is the default backend used to store
+ the mappings.
+ It adds an explicit configuration for some domain DOM1, that
+ uses the tdb idmap backend. Note that the same range as the
+ default uid/gid range is used, since the allocator has to serve
+ both the default backend and the explicitly configured domain DOM1.
+ </para>
+
+ <programlisting>
+ [global]
+ idmap backend = ldap
+ idmap uid = 1000000-2000000
+ idmap gid = 1000000-2000000
+ # use a different uid/gid allocator:
+ idmap alloc backend = tdb
+
+ idmap config DOM1 : backend = tdb
+ idmap config DOM1 : range = 1000000-2000000
+ </programlisting>
</refsect1>
<refsect1>
diff --git a/docs-xml/manpages-3/idmap_tdb2.8.xml
b/docs-xml/manpages-3/idmap_tdb2.8.xml
new file mode 100644
index 0000000..4f19ba1
--- /dev/null
+++ b/docs-xml/manpages-3/idmap_tdb2.8.xml
@@ -0,0 +1,133 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant
V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc";>
+<refentry id="idmap_tdb2.8">
+
+<refmeta>
+ <refentrytitle>idmap_tdb2</refentrytitle>
+ <manvolnum>8</manvolnum>
+ <refmiscinfo class="source">Samba</refmiscinfo>
+ <refmiscinfo class="manual">System Administration tools</refmiscinfo>
+ <refmiscinfo class="version">3.3</refmiscinfo>
+</refmeta>
+
+
+<refnamediv>
+ <refname>idmap_tdb2</refname>
+ <refpurpose>Samba's idmap_tdb2 Backend for Winbind</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+ <title>DESCRIPTION</title>
+
+ <para>
+ The idmap_tdb2 plugin is a substitute for the default idmap_tdb
+ backend used by winbindd for storing SID/uid/gid mapping tables
+ in clustered environments with Samba and CTDB.
+ </para>
+
+ <para>
+ In contrast to read only backends like idmap_rid, it is an allocating
+ backend: This means that it needs to allocate new user and group IDs in
+ order to create new mappings. The allocator can be provided by the
+ idmap_tdb2 backend itself or by any other allocating backend like
+ idmap_tdb or idmap_ldap. This is configured with the
+ parameter <parameter>idmap alloc backend</parameter>.
+ </para>
+
+ <para>
+ Note that in order for this (or any other allocating) backend to
+ function at all, the default backend needs to be writeable.
+ The ranges used for uid and gid allocation are the default ranges
+ configured by "idmap uid" and "idmap gid".
+ </para>
+
+ <para>
+ Furthermore, since there is only one global allocating backend
+ responsible for all domains using writeable idmap backends,
+ any explicitly configured domain with idmap backend tdb2
+ should have the same range as the default range, since it needs
+ to use the global uid / gid allocator. See the example below.
+ </para>
+</refsynopsisdiv>
+
+<refsect1>
+ <title>IDMAP OPTIONS</title>
+
+ <variablelist>
+ <varlistentry>
+ <term>range = low - high</term>
+ <listitem><para>
+ Defines the available matching uid and gid range for
which the
+ backend is authoritative.
+ If the parameter is absent, Winbind fails over to use
+ the "idmap uid" and "idmap gid"
options
+ from smb.conf.
+ </para></listitem>
+ </varlistentry>
+ </variablelist>
+</refsect1>
+
+<refsect1>
+ <title>IDMAP SCRIPT</title>
+
+ <para>
+ The tdb2 idmap backend supports a script for performing id mappings
+ through the smb.conf option <parameter>idmap : script</parameter>.
+ The script should accept the following command line options.
+ </para>
+
+ <programlisting>
+ SIDTOID S-1-xxxx
+ IDTOSID UID xxxx
+ IDTOSID GID xxxx
+ </programlisting>
+
+ <para>
+ And it should return one of the following responses as a single line of
+ text.
+ </para>
+
+ <programlisting>
+ UID:yyyy
+ GID:yyyy
+ SID:yyyy
+ ERR:yyyy
+ </programlisting>
+
+ <para>
+ Note that the script should cover the complete range of SIDs
+ that can be passed in for SID to Unix ID mapping, since otherwise
+ SIDs unmapped by the script might get mapped to IDs that had
+ previously been mapped by the script.
+ </para>
+</refsect1>
+
+<refsect1>
+ <title>EXAMPLES</title>
+
+ <para>
+ This example shows how tdb2 is used as a the default idmap backend.
+ It configures the idmap range through the global options for all
+ domains encountered. This same range is used for uid/gid allocation.
+ </para>
+
+ <programlisting>
+ [global]
+ idmap backend = tdb2
+ idmap uid = 1000000-2000000
+ idmap gid = 1000000-2000000
+ </programlisting>
+</refsect1>
+
+<refsect1>
+ <title>AUTHOR</title>
+
+ <para>
+ The original Samba software and related utilities
+ were created by Andrew Tridgell. Samba is now developed
+ by the Samba Team as an Open Source project similar
+ to the way the Linux kernel is developed.
+ </para>
+</refsect1>
+
+</refentry>
--
Samba Shared Repository
