From 0e9a11c95786cbdc828cf964550ffdca8d0e6d6e Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Wed, 21 Jan 2009 00:13:29 +0100 Subject: s3:docs: update the idmap_ldap manpage to reflect current facts. Michael (cherry picked from commit 7c5621b6e09d9ae3fe936a86e46d1b0f35906e6d) Signed-off-by: Michael Adam (cherry picked from commit 1bbc5f228b8b73a623f7afc5eb79c08757366029) --- docs-xml/manpages-3/idmap_ldap.8.xml | 30 +++++++++++++++++++++++------- 1 file changed, 23 insertions(+), 7 deletions(-) (limited to 'docs-xml') diff --git a/docs-xml/manpages-3/idmap_ldap.8.xml b/docs-xml/manpages-3/idmap_ldap.8.xml index 5bd65aa9abd..4d6167353c7 100644 --- a/docs-xml/manpages-3/idmap_ldap.8.xml +++ b/docs-xml/manpages-3/idmap_ldap.8.xml @@ -21,8 +21,25 @@ The idmap_ldap plugin provides a means for Winbind to store and retrieve SID/uid/gid mapping tables in an LDAP directory - service. The module implements both the "idmap" and - "idmap alloc" APIs. + service. + In contrast to read only backends like idmap_rid, it is an allocating + backend: This means that it needs to allocate new user and group IDs to + create new mappings as requests to yet unmapped users are answered. + + + + Note that in order for this (or any other allocating) backend to + function at all, the default backend needs to be writeable. + The ranges used for uid and gid allocation are the default ranges + configured by "idmap uid" and "idmap gid". + + + + Furthermore, since there is only one global allocating backend + responsible for all domains using writeable idmap backends, + any explicitly configured domain with idmap backend ldap + should have the same range as the default range, since it needs + to use the global uid / gid allocator. See the example below. @@ -60,11 +77,10 @@ range = low - high Defines the available matching uid and gid range for which the - backend is authoritative. Note that the range commonly matches - the allocation range due to the fact that the same backend will - store and retrieve SID/uid/gid mapping entries. If the parameter - is absent, Winbind fail over to use the "idmap uid" and - "idmap gid" options from smb.conf. + backend is authoritative. + If the parameter is absent, Winbind fails over to use the + "idmap uid" and "idmap gid" options + from smb.conf. -- cgit