1<?xml version="1.0" encoding="iso-8859-1"?> 2<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc"> 3<refentry id="idmap_adex.8"> 4 5<refmeta> 6 <refentrytitle>idmap_adex</refentrytitle> 7 <manvolnum>8</manvolnum> 8 <refmiscinfo class="source">Samba</refmiscinfo> 9 <refmiscinfo class="manual">System Administration tools</refmiscinfo> 10 <refmiscinfo class="version">3.5</refmiscinfo> 11</refmeta> 12 13 14<refnamediv> 15 <refname>idmap_adex</refname> 16 <refpurpose>Samba's idmap_adex Backend for Winbind</refpurpose> 17</refnamediv> 18 19<refsynopsisdiv> 20 <title>DESCRIPTION</title> 21 <para> 22 The idmap_adex plugin provides a way for Winbind to read 23 id mappings from an AD server that uses RFC2307 schema 24 extensions. This module implements both the idmap and nss_info 25 APIs and supports domain trustes as well as two-way cross 26 forest trusts. It is a read-only plugin requiring that the 27 administrator provide mappings in advance by adding the 28 POSIX attribute information to the users and groups objects 29 in AD. The most common means of doing this is using "Identity 30 Services for Unix" support on Windows 2003 R2 and later. 31 </para> 32 33 <para> 34 Note that you must add the uidNumber, gidNumber, and uid 35 attributes to the partial attribute set of the forest global 36 catalog servers. This can be done using the Active Directory Schema 37 Management MMC plugin (schmmgmt.dll). 38 </para> 39</refsynopsisdiv> 40 41<refsynopsisdiv> 42 <title>NSS_INFO</title> 43 <para> 44 The nss_info plugin supports reading the unixHomeDirectory, 45 gidNumber, loginShell, and uidNumber attributes from the user 46 object and the gidNumber attribute from the group object to 47 fill in information required by the libc getpwnam() and 48 getgrnam() family of functions. Group membership is filled in 49 according to the Windows group membership and not the 50 msSFU30PosixMember attribute. 51 </para> 52 53 <para> 54 Username aliases are implement by setting the uid attribute 55 on the user object. While group name aliases are implemented 56 by reading the displayname attribute from the group object. 57 </para> 58</refsynopsisdiv> 59 60<refsect1> 61 <title>EXAMPLES</title> 62 <para> 63 The following example shows how to retrieve idmappings and NSS data 64 from our principal and trusted AD domains. 65 </para> 66 67 <programlisting> 68 [global] 69 idmap backend = adex 70 idmap uid = 1000-4000000000 71 idmap gid = 1000-4000000000 72 73 winbind nss info = adex 74 winbind normalize names = yes 75 </programlisting> 76</refsect1> 77 78<refsect1> 79 <title>AUTHOR</title> 80 81 <para> 82 The original Samba software and related utilities 83 were created by Andrew Tridgell. Samba is now developed 84 by the Samba Team as an Open Source project similar 85 to the way the Linux kernel is developed. 86 </para> 87</refsect1> 88 89</refentry> 90