The branch, v3-3-test has been updated
       via  0b1036d5d6e06e2fa14dab163d51a902ca63fc0a (commit)
       via  83a03a3ced255f0a64935fe788ac3b0ddf669ca5 (commit)
       via  73a835335e329f0aaa0b72ebfd538b8c2b813812 (commit)
       via  ea5be10d0656d4f7edec43a4cb926573050823aa (commit)
       via  c52948a2b019bb1620ffa69605673d88bfa34bb4 (commit)
       via  1bbc5f228b8b73a623f7afc5eb79c08757366029 (commit)
       via  4145a1de91a18ea9a09b3088f0e5cd054875760b (commit)
      from  ba941074ce20617856c138eff5762646384d37de (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test

- Log -----------------------------------------------------------------
commit 0b1036d5d6e06e2fa14dab163d51a902ca63fc0a
Author: Michael Adam <ob...@samba.org>
Date:   Wed Jan 21 10:56:34 2009 +0100

    s3:docs: clarify explanation of the allocator in the idmap_ldap manpage

    Michael
    (cherry picked from commit 816934faa8bbe53dd299bc5e39f471eafdddefa8)

    Signed-off-by: Michael Adam <ob...@samba.org>

commit 83a03a3ced255f0a64935fe788ac3b0ddf669ca5
Author: Michael Adam <ob...@samba.org>
Date:   Wed Jan 21 10:55:19 2009 +0100

    s3:docs: clarify explanation of the allocator in the idmap_tdb manpage

    Michael
    (cherry picked from commit 665b5dc70333ca36129a6fe06645bd9faa4f2350)

    Signed-off-by: Michael Adam <ob...@samba.org>

commit 73a835335e329f0aaa0b72ebfd538b8c2b813812
Author: Michael Adam <ob...@samba.org>
Date:   Wed Jan 21 10:49:48 2009 +0100

    s3:docs: clarify explanation of allocator in the idmap_tdb2 manpage

    Michael
    (cherry picked from commit 65b79200e46751278c125ad260d899d10d6466a2)

    Signed-off-by: Michael Adam <ob...@samba.org>

commit ea5be10d0656d4f7edec43a4cb926573050823aa
Author: Michael Adam <ob...@samba.org>
Date:   Wed Jan 21 10:38:49 2009 +0100

    s3:docs: fix copy and paste error in the idmap_tdb2 manpage

    Michael
    (cherry picked from commit bd252ad665547d2ad012725ccb18720e160d221f)

    Signed-off-by: Michael Adam <ob...@samba.org>

commit c52948a2b019bb1620ffa69605673d88bfa34bb4
Author: Michael Adam <ob...@samba.org>
Date:   Wed Jan 21 00:56:03 2009 +0100

    s3:docs: add a manpage for idmap_tdb2

    Michael
    (cherry picked from commit 84f2b2d731fb7d97c98414196bf96ee94ea88bb3)

    Signed-off-by: Michael Adam <ob...@samba.org>

commit 1bbc5f228b8b73a623f7afc5eb79c08757366029
Author: Michael Adam <ob...@samba.org>
Date:   Wed Jan 21 00:13:29 2009 +0100

    s3:docs: update the idmap_ldap manpage to reflect current facts.

    Michael
    (cherry picked from commit 7c5621b6e09d9ae3fe936a86e46d1b0f35906e6d)

    Signed-off-by: Michael Adam <ob...@samba.org>

commit 4145a1de91a18ea9a09b3088f0e5cd054875760b
Author: Michael Adam <ob...@samba.org>
Date:   Wed Jan 21 00:06:10 2009 +0100

    s3:docs: update the idmap_tdb manpage to reflect current facts.

    Michael
    (cherry picked from commit 32be66b19da07983670002d1b2b5bc80cf0c8d16)

    Signed-off-by: Michael Adam <ob...@samba.org>

-----------------------------------------------------------------------

Summary of changes:
 docs-xml/manpages-3/idmap_ldap.8.xml |   36 ++++++++--
 docs-xml/manpages-3/idmap_tdb.8.xml  |   87 +++++++++++++++++-----
 docs-xml/manpages-3/idmap_tdb2.8.xml |  133 ++++++++++++++++++++++++++++++++++
 3 files changed, 229 insertions(+), 27 deletions(-)
 create mode 100644 docs-xml/manpages-3/idmap_tdb2.8.xml

Changeset truncated at 500 lines:

diff --git a/docs-xml/manpages-3/idmap_ldap.8.xml b/docs-xml/manpages-3/idmap_ldap.8.xml index 5bd65aa..603f800 100644 --- a/docs-xml/manpages-3/idmap_ldap.8.xml +++ b/docs-xml/manpages-3/idmap_ldap.8.xml
@@ -21,8 +21,31 @@ <para>The idmap_ldap plugin provides a means for Winbind to store and retrieve SID/uid/gid mapping tables in an LDAP directory - service. The module implements both the "idmap" and - "idmap alloc" APIs. + service. + </para> + + <para> + In contrast to read only backends like idmap_rid, it is an allocating + backend: This means that it needs to allocate new user and group IDs in + order to create new mappings. The allocator can be provided by the + idmap_ldap backend itself or by any other allocating backend like + idmap_tdb or idmap_tdb2. This is configured with the + parameter <parameter>idmap alloc backend</parameter>. + </para> + + <para> + Note that in order for this (or any other allocating) backend to + function at all, the default backend needs to be writeable. + The ranges used for uid and gid allocation are the default ranges + configured by "idmap uid" and "idmap gid". + </para> + + <para> + Furthermore, since there is only one global allocating backend + responsible for all domains using writeable idmap backends, + any explicitly configured domain with idmap backend ldap + should have the same range as the default range, since it needs + to use the global uid / gid allocator. See the example below. </para> </refsynopsisdiv> @@ -60,11 +83,10 @@ <term>range = low - high</term> <listitem><para> Defines the available matching uid and gid range for which the - backend is authoritative. Note that the range commonly matches - the allocation range due to the fact that the same backend will - store and retrieve SID/uid/gid mapping entries. If the parameter - is absent, Winbind fail over to use the "idmap uid" and - "idmap gid" options from smb.conf. + backend is authoritative. + If the parameter is absent, Winbind fails over to use the + "idmap uid" and "idmap gid" options + from smb.conf. </para></listitem> </varlistentry> </variablelist> 
diff --git a/docs-xml/manpages-3/idmap_tdb.8.xml b/docs-xml/manpages-3/idmap_tdb.8.xml index e535bf0..9c44f1a 100644 --- a/docs-xml/manpages-3/idmap_tdb.8.xml +++ b/docs-xml/manpages-3/idmap_tdb.8.xml @@ -19,9 +19,33 @@ <refsynopsisdiv> <title>DESCRIPTION</title> - <para>The idmap_tdb plugin is the default backend used by winbindd - for storing SID/uid/gid mapping tables and implements - both the "idmap" and "idmap alloc" APIs. + <para> + The idmap_tdb plugin is the default backend used by winbindd + for storing SID/uid/gid mapping tables. + </para> + + <para> + In contrast to read only backends like idmap_rid, it is an allocating + backend: This means that it needs to allocate new user and group IDs in + order to create new mappings. The allocator can be provided by the + idmap_tdb backend itself or by any other allocating backend like + idmap_ldap or idmap_tdb2. This is configured with the + parameter <parameter>idmap alloc backend</parameter>. + </para> + + <para> + Note that in order for this (or any other allocating) backend to + function at all, the default backend needs to be writeable. + The ranges used for uid and gid allocation are the default ranges + configured by "idmap uid" and "idmap gid". + </para> + + <para> + Furthermore, since there is only one global allocating backend + responsible for all domains using writeable idmap backends, + any explicitly configured domain with idmap backend tdb + should have the same range as the default range, since it needs + to use the global uid / gid allocator. See the example below. </para> </refsynopsisdiv> 
@@ -33,30 +57,53 @@ <term>range = low - high</term> <listitem><para> Defines the available matching uid and gid range for which the - backend is authoritative. Note that the range commonly matches - the allocation range due to the fact that the same backend will - store and retrieve SID/uid/gid mapping entries. If the parameter - is absent, Winbind fail over to use the "idmap uid" and - "idmap gid" options from smb.conf. + backend is authoritative. + If the parameter is absent, Winbind fails over to use + the "idmap uid" and "idmap gid" options + from smb.conf. </para></listitem> </varlistentry> </variablelist> </refsect1> <refsect1> - <title>IDMAP ALLOC OPTIONS</title> + <title>EXAMPLES</title> - <variablelist> - <varlistentry> - <term>range = low - high</term> - <listitem><para> - Defines the available matching uid and gid range from which - winbindd can allocate for users and groups. If the parameter - is absent, Winbind fail over to use the "idmap uid" - and "idmap gid" options from smb.conf. - </para></listitem> - </varlistentry> - </variablelist> + <para> + This example shows how tdb is used as a the default idmap backend. + It configures the idmap range through the global options for all + domains encountered. This same range is used for uid/gid allocation. + </para> + + <programlisting> + [global] + # "idmap backend = tdb" is redundant here since it is the default + idmap backend = tdb + idmap uid = 1000000-2000000 + idmap gid = 1000000-2000000 + </programlisting> + + <para> + This (rather theoretical) example shows how tdb can be used as the + allocating backend while ldap is the default backend used to store + the mappings. + It adds an explicit configuration for some domain DOM1, that + uses the tdb idmap backend. Note that the same range as the + default uid/gid range is used, since the allocator has to serve + both the default backend and the explicitly configured domain DOM1. 
+ </para> + + <programlisting> + [global] + idmap backend = ldap + idmap uid = 1000000-2000000 + idmap gid = 1000000-2000000 + # use a different uid/gid allocator: + idmap alloc backend = tdb + + idmap config DOM1 : backend = tdb + idmap config DOM1 : range = 1000000-2000000 + </programlisting> </refsect1> <refsect1> diff --git a/docs-xml/manpages-3/idmap_tdb2.8.xml b/docs-xml/manpages-3/idmap_tdb2.8.xml new file mode 100644 index 0000000..4f19ba1 --- /dev/null +++ b/docs-xml/manpages-3/idmap_tdb2.8.xml 
@@ -0,0 +1,133 @@ +<?xml version="1.0" encoding="iso-8859-1"?> +<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc"> +<refentry id="idmap_tdb2.8"> + +<refmeta> + <refentrytitle>idmap_tdb2</refentrytitle> + <manvolnum>8</manvolnum> + <refmiscinfo class="source">Samba</refmiscinfo> + <refmiscinfo class="manual">System Administration tools</refmiscinfo> + <refmiscinfo class="version">3.3</refmiscinfo> +</refmeta> + + +<refnamediv> + <refname>idmap_tdb2</refname> + <refpurpose>Samba's idmap_tdb2 Backend for Winbind</refpurpose> +</refnamediv> + +<refsynopsisdiv> + <title>DESCRIPTION</title> + + <para> + The idmap_tdb2 plugin is a substitute for the default idmap_tdb + backend used by winbindd for storing SID/uid/gid mapping tables + in clustered environments with Samba and CTDB. + </para> + + <para> + In contrast to read only backends like idmap_rid, it is an allocating + backend: This means that it needs to allocate new user and group IDs in + order to create new mappings. The allocator can be provided by the + idmap_tdb2 backend itself or by any other allocating backend like + idmap_tdb or idmap_ldap. This is configured with the + parameter <parameter>idmap alloc backend</parameter>. + </para> + + <para> + Note that in order for this (or any other allocating) backend to + function at all, the default backend needs to be writeable. + The ranges used for uid and gid allocation are the default ranges + configured by "idmap uid" and "idmap gid". + </para> + + <para> + Furthermore, since there is only one global allocating backend + responsible for all domains using writeable idmap backends, + any explicitly configured domain with idmap backend tdb2 + should have the same range as the default range, since it needs + to use the global uid / gid allocator. See the example below. 
+ </para> +</refsynopsisdiv> + +<refsect1> + <title>IDMAP OPTIONS</title> + + <variablelist> + <varlistentry> + <term>range = low - high</term> + <listitem><para> + Defines the available matching uid and gid range for which the + backend is authoritative. + If the parameter is absent, Winbind fails over to use + the "idmap uid" and "idmap gid" options + from smb.conf. + </para></listitem> + </varlistentry> + </variablelist> +</refsect1> + +<refsect1> + <title>IDMAP SCRIPT</title> + + <para> + The tdb2 idmap backend supports a script for performing id mappings + through the smb.conf option <parameter>idmap : script</parameter>. + The script should accept the following command line options. + </para> + + <programlisting> + SIDTOID S-1-xxxx + IDTOSID UID xxxx + IDTOSID GID xxxx + </programlisting> + + <para> + And it should return one of the following responses as a single line of + text. + </para> + + <programlisting> + UID:yyyy + GID:yyyy + SID:yyyy + ERR:yyyy + </programlisting> + + <para> + Note that the script should cover the complete range of SIDs + that can be passed in for SID to Unix ID mapping, since otherwise + SIDs unmapped by the script might get mapped to IDs that had + previously been mapped by the script. + </para> +</refsect1> + +<refsect1> + <title>EXAMPLES</title> + + <para> + This example shows how tdb2 is used as a the default idmap backend. + It configures the idmap range through the global options for all + domains encountered. This same range is used for uid/gid allocation. + </para> + + <programlisting> + [global] + idmap backend = tdb2 + idmap uid = 1000000-2000000 + idmap gid = 1000000-2000000 + </programlisting> +</refsect1> + +<refsect1> + <title>AUTHOR</title> + + <para> + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + </para> +</refsect1> + +</refentry> -- Samba Shared Repository
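Review bot: in idmap_ldap.8.xml, hunk @@ -21,8 +21,31 @@, the last added paragraph ends with "See the example below", but no hunk shown for this file touches an EXAMPLES section, so the reference depends on an example this patch does not show. Please confirm that the existing example configures a domain with backend ldap whose range equals "idmap uid" / "idmap gid", or add one as the idmap_tdb change does. The three added paragraphs are also repeated nearly verbatim in idmap_tdb.8.xml and idmap_tdb2.8.xml; keeping them in one shared place would stop the copies from drifting. Minor: "read only backends" should be "read-only backends".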
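Review bot: in idmap_ldap.8.xml, hunk @@ -60,11 +83,10 @@, "Winbind fails over to use" reads like a failure condition; "falls back to" says what actually happens when range is absent. The removed sentence was the only place in the option entry that tied range to the allocation range. Since the description now asks explicitly configured domains to use the default range, a short pointer from the range entry to that requirement would keep the constraint visible where the value is set. The same wording appears in the range entries of idmap_tdb.8.xml and idmap_tdb2.8.xml.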
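Review bot: in idmap_tdb.8.xml, hunk @@ -19,9 +19,33 @@, "default backend" is used in two senses within a few lines. The first paragraph calls idmap_tdb "the default backend used by winbindd", while the third says "the default backend needs to be writeable", which means whatever is set with "idmap backend" (ldap in the second example of this file). Suggest wording the third paragraph as "the backend configured with idmap backend" so a reader does not take it to mean idmap_tdb itself.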
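Review bot: in idmap_tdb.8.xml, hunk @@ -33,30 +57,53 @@, the first example paragraph has a typo, "used as a the default idmap backend" (drop the "a"); the same sentence is copied into the EXAMPLES section of idmap_tdb2.8.xml. The hunk also deletes the whole IDMAP ALLOC OPTIONS section while the second example still sets "idmap alloc backend = tdb". The commit message only says "reflect current facts", so a line stating that the section goes away because allocation now always uses the "idmap uid" / "idmap gid" ranges would make the removal reviewable.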
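Review bot: in idmap_tdb2.8.xml, hunk @@ -0,0 +1,133 @@, the closing note of IDMAP SCRIPT is too soft for what it describes: "SIDs unmapped by the script might get mapped to IDs that had previously been mapped by the script" means two different SIDs can end up with the same Unix ID, so "should cover the complete range" deserves to be a "must", with a word on what the administrator should check. The section also does not say which response line answers which request, what ERR:yyyy carries, or what a script that exits without output causes, and there is no smb.conf example for "idmap : script". Separately, the description says "See the example below" for an explicitly configured domain with backend tdb2, but EXAMPLES contains only the [global] case, so either add the domain example (as in idmap_tdb.8.xml) or drop the reference.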