idmapd.conf

1. [General]
2. #Verbosity = 0
3. # The following should be set to the local NFSv4 domain name
4. # The default is the host's DNS domain name.
5. #Domain = local.domain.edu
6. Domain = LOCALDOMAIN
7.  
8. # In multi-domain environments, some NFS servers will append the identity
9. # management domain to the owner and owner_group in lieu of a true NFSv4
10. # domain.  This option can facilitate lookups in such environments.  If
11. # set to a value other than "none", the nsswitch  plugin will first pass
12. # the name to the password/group lookup function without stripping the
13. # domain off.  If that mapping fails then the plugin will try again using
14. # the old method (comparing the domain in the string to the Domain value,
15. # stripping it if it matches, and passing the resulting short name to the
16. # lookup function).  Valid values are "user", "group", "both", and
17. # "none".  The default is "none".
18. #No-Strip = none
19.  
20. # Winbind has a quirk whereby doing a group lookup in UPN format
21. # (e.g. staff@americas.example.com) will cause the group to be
22. # displayed prefixed with the full domain in uppercase
23. # (e.g. AMERICAS.EXAMPLE.COM\staff) instead of in the familiar netbios
24. # name format (e.g. AMERICAS\staff).  Setting this option to true
25. # causes the name to be reformatted before passing it to the group
26. # lookup function in order to work around this.  This setting is
27. # ignored unless No-Strip is set to either "both" or "group".
28. # The default is "false".
29. #Reformat-Group = false
30.  
31. # The following is a comma-separated list of Kerberos realm
32. # names that should be considered to be equivalent to the
33. # local realm, such that <user>@REALM.A can be assumed to
34. # be the same user as <user>@REALM.B
35. # If not specified, the default local realm is the domain name,
36. # which defaults to the host's DNS domain name,
37. # translated to upper-case.
38. # Note that if this value is specified, the local realm name
39. # must be included in the list!
40. #Local-Realms =
41.  
42. [Mapping]
43.  
44. #Nobody-User = nobody
45. #Nobody-Group = nobody
46.  
47. [Translation]
48.  
49. # Translation Method is an comma-separated, ordered list of
50. # translation methods that can be used.  Distributed methods
51. # include "nsswitch", "umich_ldap", and "static".  Each method
52. # is a dynamically loadable plugin library.
53. # New methods may be defined and inserted in the list.
54. # The default is "nsswitch".
55. #Method = nsswitch
56.  
57. # Optional.  This is a comma-separated, ordered list of
58. # translation methods to be used for translating GSS
59. # authenticated names to ids.
60. # If this option is omitted, the same methods as those
61. # specified in "Method" are used.
62. #GSS-Methods = <alternate method list for translating GSS names>
63.  
64. #-------------------------------------------------------------------#
65. # The following are used only for the "static" Translation Method.
66. #-------------------------------------------------------------------#
67. [Static]
68.  
69. # A "static" list of GSS-Authenticated names to
70. # local user name mappings
71.  
72. #someuser@REALM = localuser
73.  
74.  
75. #-------------------------------------------------------------------#
76. # The following are used only for the "umich_ldap" Translation Method.
77. #-------------------------------------------------------------------#
78.  
79. [UMICH_SCHEMA]
80.  
81. # server information (REQUIRED)
82. LDAP_server = ldap-server.local.domain.edu
83.  
84. # the default search base (REQUIRED)
85. LDAP_base = dc=local,dc=domain,dc=edu
86.  
87. #-----------------------------------------------------------#
88. # The remaining options have defaults (as shown)
89. # and are therefore not required.
90. #-----------------------------------------------------------#
91.  
92. # whether or not to perform canonicalization on the
93. # name given as LDAP_server
94. #LDAP_canonicalize_name = true
95.  
96. # absolute search base for (people) accounts
97. #LDAP_people_base = <LDAP_base>
98.  
99. # absolute search base for groups
100. #LDAP_group_base = <LDAP_base>
101.  
102. # Set to true to enable SSL - anything else is not enabled
103. #LDAP_use_ssl = false
104.  
105. # You must specify a CA certificate location if you enable SSL
106. #LDAP_ca_cert = /etc/ldapca.cert
107.  
108. # Objectclass mapping information
109.  
110. # Mapping for the person (account) object class
111. #NFSv4_person_objectclass = NFSv4RemotePerson
112.  
113. # Mapping for the nfsv4name attribute the person object
114. #NFSv4_name_attr = NFSv4Name
115.  
116. # Mapping for the UID number
117. #NFSv4_uid_attr = UIDNumber
118.  
119. # Mapping for the GSSAPI Principal name
120. #GSS_principal_attr = GSSAuthName
121.  
122. # Mapping for the account name attribute (usually uid)
123. # The value for this attribute must match the value of
124. # the group member attribute - NFSv4_member_attr
125. #NFSv4_acctname_attr = uid
126.  
127. # Mapping for the group object class
128. #NFSv4_group_objectclass = NFSv4RemoteGroup
129.  
130. # Mapping for the GID attribute
131. #NFSv4_gid_attr = GIDNumber
132.  
133. # Mapping for the Group NFSv4 name
134. #NFSv4_group_attr = NFSv4Name
135.  
136. # Mapping for the Group member attribute (usually memberUID)
137. # The value of this attribute must match the value of NFSv4_acctname_attr
138. #NFSv4_member_attr = memberUID