/* Void Main's man pages */
{ phpMan } else { main(); }
IDMAP_ADEX(8) System Administration tools IDMAP_ADEX(8)
NAME
idmap_adex - Samba's idmap_adex Backend for Winbind
DESCRIPTION
The idmap_adex plugin provides a way for Winbind to read id mappings from an AD server that uses RFC2307 schema
extensions. This module implements both the idmap and nss_info APIs and supports domain trustes as well as two-way cross
forest trusts. It is a read-only plugin requiring that the administrator provide mappings in advance by adding the POSIX
attribute information to the users and groups objects in AD. The most common means of doing this is using "Identity
Services for Unix" support on Windows 2003 R2 and later.
Note that you must add the uidNumber, gidNumber, and uid attributes to the partial attribute set of the forest global
catalog servers. This can be done using the Active Directory Schema Management MMC plugin (schmmgmt.dll).
NSS_INFO
The nss_info plugin supports reading the unixHomeDirectory, gidNumber, loginShell, and uidNumber attributes from the user
object and the gidNumber attribute from the group object to fill in information required by the libc getpwnam() and
getgrnam() family of functions. Group membership is filled in according to the Windows group membership and not the
msSFU30PosixMember attribute.
Username aliases are implement by setting the uid attribute on the user object. While group name aliases are implemented
by reading the displayname attribute from the group object.
EXAMPLES
The following example shows how to retrieve idmappings and NSS data from our principal and trusted AD domains.
[global]
idmap backend = adex
idmap uid = 1000-4000000000
idmap gid = 1000-4000000000
winbind nss info = adex
winbind normalize names = yes
AUTHOR
The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba
Team as an Open Source project similar to the way the Linux kernel is developed.
Samba 3.5 08/02/2011 IDMAP_ADEX(8)
