Current File : //usr/share/man/man8/idmap_autorid.8

'\" te
'\" t
.\"     Title: idmap_autorid
.\"    Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
.\"      Date: 09/18/2013
.\"    Manual: System Administration tools
.\"    Source: Samba 3.6
.\"  Language: English
.\"
.TH "IDMAP_AUTORID" "8" "09/18/2013" "Samba 3\&.6" "System Administration tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
idmap_autorid \- Samba\*(Aqs idmap_autorid Backend for Winbind
.SH "DESCRIPTION"
.PP
The idmap_autorid backend provides a way to use an algorithmic mapping scheme to map UIDs/GIDs and SIDs that is more deterministic than idmap_tdb and easier to configure than idmap_rid\&.
.PP
The module works similar to idmap_rid, but it automatically configures the range to be used for each domain, so there is no need to specify a specific range for each domain in the forest, the only configuration that is needed is the range of uid/gids that shall be used for user/group mappings and an optional size of the ranges to be used\&.
.PP
The mappings of which domain is mapped to which range is stored in autorid\&.tdb, thus you should backup this database regularly\&.
.PP
Due to the algorithm being used, it is the module that is most easy to use as it only requires a minimal configuration\&.
.SH "IDMAP OPTIONS"
.PP
rangesize = numberofidsperdomain
.RS 4
Defines the available number of uids/gids per domain\&. The minimum needed value is 2000\&. SIDs with RIDs larger than this value cannot be mapped, are ignored and the corresponding map is discarded\&. Choose this value carefully, as this should not be changed after the first ranges for domains have been defined, otherwise mappings between domains will get intermixed leading to unpredictable results\&. Please note that RIDs in Windows Domains usually start with 500 for builtin users and 1000 for regular users\&. As the parameter cannot be changed later, please plan accordingly for your expected number of users in a domain with safety margins\&.
.sp
One range will be used for local users and groups\&. Thus the number of local users and groups that can be created is limited by this option as well\&. If you plan to create a large amount of local users or groups, you will need set this parameter accordingly\&.
.sp
The default value is 100000\&.
.RE
.SH "THE MAPPING FORMULAS"
.PP
The Unix ID for a RID is calculated this way:
.sp
.if n \{\
.RS 4
.\}
.nf
			ID = IDMAP UID LOW VALUE + DOMAINRANGENUMBER * RANGESIZE + RID
		
.fi
.if n \{\
.RE
.\}
.PP
Correspondingly, the formula for calculating the RID for a given Unix ID is this:
.sp
.if n \{\
.RS 4
.\}
.nf
			RID = ID \- IDMAP UID LOW VALUE \- DOMAINRANGENUMBER * RANGESIZE
		
.fi
.if n \{\
.RE
.\}
.sp
.SH "EXAMPLES"
.PP
This example shows you the minimal configuration that will work for the principial domain and 19 trusted domains\&.
.sp
.if n \{\
.RS 4
.\}
.nf
	[global]
	security = ads
	workgroup = CUSTOMER
	realm = CUSTOMER\&.COM

	idmap config * : backend = autorid
	idmap config * : range = 1000000\-1999999

	
.fi
.if n \{\
.RE
.\}
.PP
This example shows how to configure idmap_autorid as default for all domains with a potentially large amount of users plus a specific configuration for a trusted domain that uses the SFU mapping scheme\&. Please note that idmap ranges and sfu ranges are not allowed to overlap\&.
.sp
.if n \{\
.RS 4
.\}
.nf
	[global]
	security = ads
	workgroup = CUSTOMER
	realm = CUSTOMER\&.COM

	idmap config * : backend = autorid
	idmap config * : range = 1000000\-19999999
	idmap config * : rangesize = 1000000

	idmap config TRUSTED : backend  = ad
	idmap config TRUSTED : range    = 50000 \- 99999
	idmap config TRUSTED : schema_mode = sfu
	
.fi
.if n \{\
.RE
.\}
.SH "AUTHOR"
.PP
The original Samba software and related utilities were created by Andrew Tridgell\&. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed\&.


.\" Oracle has added the ARC stability level to this manual page
.SH ATTRIBUTES
See
.BR attributes (5)
for descriptions of the following attributes:
.sp
.TS
box;
cbp-1 | cbp-1
l | l .
ATTRIBUTE TYPE	ATTRIBUTE VALUE 
=
Availability	service/network/samba
=
Stability	Volatile
.TE 
.PP

.SH NOTES

.\" Oracle has added source availability information to this manual page
This software was built from source available at https://java.net/projects/solaris-userland.  The original community source was downloaded from  http://ftp.samba.org/pub/samba/stable/samba-3.6.25.tar.gz

Further information about this software can be found on the open source community website at http://www.samba.org/.