1<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>idmap_adex</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"><a name="idmap_adex.8"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>idmap_adex — Samba's idmap_adex Backend for Winbind</p></div><div class="refsynopsisdiv"><h2>DESCRIPTION</h2><p> 2 The idmap_adex plugin provides a way for Winbind to read 3 id mappings from an AD server that uses RFC2307 schema 4 extensions. This module implements both the idmap and nss_info 5 APIs and supports domain trustes as well as two-way cross 6 forest trusts. It is a read-only plugin requiring that the 7 administrator provide mappings in advance by adding the 8 POSIX attribute information to the users and groups objects 9 in AD. The most common means of doing this is using "Identity 10 Services for Unix" support on Windows 2003 R2 and later. 11 </p><p> 12 Note that you must add the uidNumber, gidNumber, and uid 13 attributes to the partial attribute set of the forest global 14 catalog servers. This can be done using the Active Directory Schema 15 Management MMC plugin (schmmgmt.dll). 16 </p></div><div class="refsynopsisdiv"><h2>NSS_INFO</h2><p> 17 The nss_info plugin supports reading the unixHomeDirectory, 18 gidNumber, loginShell, and uidNumber attributes from the user 19 object and the gidNumber attribute from the group object to 20 fill in information required by the libc getpwnam() and 21 getgrnam() family of functions. Group membership is filled in 22 according to the Windows group membership and not the 23 msSFU30PosixMember attribute. 24 </p><p> 25 Username aliases are implement by setting the uid attribute 26 on the user object. While group name aliases are implemented 27 by reading the displayname attribute from the group object. 28 </p></div><div class="refsect1" lang="en"><a name="id2522940"></a><h2>EXAMPLES</h2><p> 29 The following example shows how to retrieve idmappings and NSS data 30 from our principal and trusted AD domains. 31 </p><pre class="programlisting"> 32 [global] 33 idmap backend = adex 34 idmap uid = 1000-4000000000 35 idmap gid = 1000-4000000000 36 37 winbind nss info = adex 38 winbind normalize names = yes 39 </pre></div><div class="refsect1" lang="en"><a name="id2483330"></a><h2>AUTHOR</h2><p> 40 The original Samba software and related utilities 41 were created by Andrew Tridgell. Samba is now developed 42 by the Samba Team as an Open Source project similar 43 to the way the Linux kernel is developed. 44 </p></div></div></body></html> 45