1
<samba:parameter name="idmap config"
4
advanced="1" developer="1" hide="1"
5
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
9
The idmap config prefix provides a means of managing each trusted
10
domain separately. The idmap config prefix should be followed by the
11
name of the domain, a colon, and a setting specific to the chosen
12
backend. There are three options available for all domains:
17
<term>backend = backend_name</term>
19
Specifies the name of the idmap plugin to use as the
20
SID/uid/gid backend for this domain.
25
<term>range = low - high</term>
27
Defines the available matching uid and gid range for which the
28
backend is authoritative. Note that the range commonly
29
matches the allocation range due to the fact that the same
30
backend will store and retrieve SID/uid/gid mapping entries.
33
winbind uses this parameter to find the backend that is
34
authoritative for a unix ID to SID mapping, so it must be set
35
for each individually configured domain, and it must be
36
disjoint from the ranges set via <smbconfoption name="idmap
37
uid"/> and <smbconfoption name="idmap gid"/>.
44
The following example illustrates how to configure the <citerefentry>
45
<refentrytitle>idmap_ad</refentrytitle> <manvolnum>8</manvolnum>
46
</citerefentry> for the CORP domain and the
47
<citerefentry><refentrytitle>idmap_tdb</refentrytitle>
48
<manvolnum>8</manvolnum></citerefentry> backend for all other
49
domains. This configuration assumes that the admin of CORP assigns
50
unix ids below 1000000 via the SFU extensions, and winbind is supposed
51
to use the next million entries for its own mappings from trusted
52
domains and for local groups for example.
57
idmap uid = 1000000-1999999
58
idmap gid = 1000000-1999999
60
idmap config CORP : backend = ad
61
idmap config CORP : range = 1000-999999