aiden
/
freshtomato-arm
mirror of https://bitbucket.org/pedro311/freshtomato-arm
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
arm-master
arm-sdk714
arm-sdk7
arm-ng
2025.2
2024.5
2024.4
2024.3
2024.2
2024.1
2023.5
2023.4
2023.3
2023.2
2023.1
2022.7
2022.6
2022.5
2022.4
2022.3
2022.2
2022.1
2021.8
2021.7
2021.6
2021.5
2021.4
2021.3
2021.2
2021.1
2021.1.082
2021.1.070
2021.1.044
2020.8
2020.8.164
2020.8.144
2020.8.130
2020.8.113
2020.8.083
2020.8.060
2020.8.048
2020.8.042
2020.8.029
2020.8.022
2020.8.021
2020.6
2020.6.084
2020.6.080
2020.6.076
2020.6.065
2020.6.064
2020.6.060
2020.6.055
2020.5
2020.4
2020.4.140
2020.4.100
2020.4.078
2020.3
2020.3.039
2020.3.031
2020.3.028
2020.3.027
2020.2
2020.1
2020.1.037
2020.1.001
2019.4
2019.4.095
2019.4.090
2019.4.056
2019.3
2019.3.274
2025.1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'arm-master'
${ noResults }
freshtomato-arm/release/src-rt-6.x.4708/router/samba3/docs/manpages/idmap_ldap.8

107 lines
4.4 KiB
Groff
Raw Permalink Blame History

'\" t
.\" Title: idmap_ldap
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
.\" Date: 09/18/2013
.\" Manual: System Administration tools
.\" Source: Samba 3.6
.\" Language: English
.\"
.TH "IDMAP_LDAP" "8" "09/18/2013" "Samba 3\&.6" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
idmap_ldap \- Samba\*(Aqs idmap_ldap Backend for Winbind
.SH "DESCRIPTION"
.PP
The idmap_ldap plugin provides a means for Winbind to store and retrieve SID/uid/gid mapping tables in an LDAP directory service\&.
.PP
In contrast to read only backends like idmap_rid, it is an allocating backend: This means that it needs to allocate new user and group IDs in order to create new mappings\&.
.SH "IDMAP OPTIONS"
.PP
ldap_base_dn = DN
.RS 4
Defines the directory base suffix to use for SID/uid/gid mapping entries\&. If not defined, idmap_ldap will default to using the "ldap idmap suffix" option from smb\&.conf\&.
.RE
.PP
ldap_user_dn = DN
.RS 4
Defines the user DN to be used for authentication\&. The secret for authenticating this user should be stored with net idmap secret (see
\fBnet\fR(8))\&. If absent, the ldap credentials from the ldap passdb configuration are used, and if these are also absent, an anonymous bind will be performed as last fallback\&.
.RE
.PP
ldap_url = ldap://server/
.RS 4
Specifies the LDAP server to use for SID/uid/gid map entries\&. If not defined, idmap_ldap will assume that ldap://localhost/ should be used\&.
.RE
.PP
range = low \- high
.RS 4
Defines the available matching uid and gid range for which the backend is authoritative\&.
.RE
.SH "EXAMPLES"
.PP
The following example shows how an ldap directory is used as the default idmap backend\&. It also configures the idmap range and base directory suffix\&. The secret for the ldap_user_dn has to be set with "net idmap secret \*(Aq*\*(Aq password"\&.
.sp
.if n \{\
.RS 4
.\}
.nf
[global]
idmap config * : backend = ldap
idmap config * : range = 1000000\-1999999
idmap config * : ldap_url = ldap://localhost/
idmap config * : ldap_base_dn = ou=idmap,dc=example,dc=com
idmap config * : ldap_user_dn = cn=idmap_admin,dc=example,dc=com
.fi
.if n \{\
.RE
.\}
.PP
This example shows how ldap can be used as a readonly backend while tdb is the default backend used to store the mappings\&. It adds an explicit configuration for some domain DOM1, that uses the ldap idmap backend\&. Note that a range disjoint from the default range is used\&.
.sp
.if n \{\
.RS 4
.\}
.nf
[global]
# "backend = tdb" is redundant here since it is the default
idmap config * : backend = tdb
idmap config * : range = 1000000\-1999999
idmap config DOM1 : backend = ldap
idmap config DOM1 : range = 2000000\-2999999
idmap config DOM1 : read only = yes
idmap config DOM1 : ldap_url = ldap://server/
idmap config DOM1 : ldap_base_dn = ou=idmap,dc=dom1,dc=example,dc=com
idmap config DOM1 : ldap_user_dn = cn=idmap_admin,dc=dom1,dc=example,dc=com
.fi
.if n \{\
.RE
.\}
.SH "NOTE"
.PP
In order to use authentication against ldap servers you may need to provide a DN and a password\&. To avoid exposing the password in plain text in the configuration file we store it into a security store\&. The "net idmap " command is used to store a secret for the DN specified in a specific idmap domain\&.
.SH "AUTHOR"
.PP
The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.
Reference in New Issue View Git Blame Copy Permalink