diff options
author | Volker Lendecke <vlendec@samba.org> | 2005-03-04 17:04:56 +0000 |
---|---|---|
committer | Gerald W. Carter <jerry@samba.org> | 2008-04-23 08:46:14 -0500 |
commit | fa085d07268066e85aba8ee8c854cad0bef5972d (patch) | |
tree | f8b7f9ab77e08bd15d148df42fe0c815432951fa | |
parent | 8734c9d5e8f146ba44189fb33cde6ecc2943e991 (diff) | |
download | samba-fa085d07268066e85aba8ee8c854cad0bef5972d.tar.gz samba-fa085d07268066e85aba8ee8c854cad0bef5972d.tar.bz2 samba-fa085d07268066e85aba8ee8c854cad0bef5972d.zip |
Add smb.conf entry for ldapsam:trusted.
Could a docbook-xml expert (jelmer?) please look over this to make sure I did
not mess anything up?
Thanks,
Volker
(This used to be commit b6c67153a4725aa00888d52846c59836b7fcf938)
-rw-r--r-- | docs/smbdotconf/ldap/ldapsamtrusted.xml | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/docs/smbdotconf/ldap/ldapsamtrusted.xml b/docs/smbdotconf/ldap/ldapsamtrusted.xml new file mode 100644 index 0000000000..980436bea6 --- /dev/null +++ b/docs/smbdotconf/ldap/ldapsamtrusted.xml @@ -0,0 +1,30 @@ +<samba:parameter name="ldapsam:trusted" + context="G" + type="string" + advanced="1" developer="0" + xmlns:samba="http://samba.org/common"> +<description> + +<para> +By default, Samba as a Domain Controller with an LDAP backend needs to use the +Unix-style NSS subsystem to access user and group information. Due to the way +Unix stores user information in /etc/passwd and /etc/group this inevitably +leads to inefficiencies. One important question a user needs to know is the +list of groups he is member of. The plain Unix model involves a complete +enumeration of the file /etc/group and its NSS counterparts in LDAP. In this +particular case there often optimized functions are available in Unix, but for +other queries there is no optimized function available.</para> + +<para>To make Samba scale well in large environments, the ldapsam:trusted=yes +option assumes that the complete user and group database that is relevant to +Samba is stored in LDAP with the standard posixAccount/posixGroup model, and +that the Samba auxiliary object classes are stored together with the the posix +data in the same LDAP object. If these assumptions are met, +ldapsam:trusted=yes can be activated and Samba can completely bypass the NSS +system to query user information. Optimized LDAP queries can speed up domain +logon and administration tasks a lot. Depending on the size of the LDAP +database a factor of 100 or more for common queries is easily achieved.</para> + +</description> +<value type="default">no</value> +</samba:parameter> |