diff options
| author | Jelmer Vernooij <jelmer@samba.org> | 2003-06-16 16:06:25 +0000 | 
|---|---|---|
| committer | Jelmer Vernooij <jelmer@samba.org> | 2003-06-16 16:06:25 +0000 | 
| commit | c207399d16a7a921cd092d52cd380758fb00a77a (patch) | |
| tree | 44543f1034c96449470838f88275bafc7bfe62e2 | |
| parent | 979c447060387254375ad35a52f58a91027368fb (diff) | |
| download | samba-c207399d16a7a921cd092d52cd380758fb00a77a.tar.gz samba-c207399d16a7a921cd092d52cd380758fb00a77a.tar.bz2 samba-c207399d16a7a921cd092d52cd380758fb00a77a.zip | |
Fix some information, based on comments by Andrew Bartlett.
(This used to be commit 443b00c949b37b2fe593adb9d46ad248e69f9deb)
| -rw-r--r-- | docs/docbook/projdoc/Speed.xml | 11 | ||||
| -rw-r--r-- | docs/docbook/projdoc/passdb.xml | 63 | 
2 files changed, 26 insertions, 48 deletions
| diff --git a/docs/docbook/projdoc/Speed.xml b/docs/docbook/projdoc/Speed.xml index cdf2246b9f..cbc1807e4e 100644 --- a/docs/docbook/projdoc/Speed.xml +++ b/docs/docbook/projdoc/Speed.xml @@ -199,17 +199,6 @@ the lowest practical <parameter>password level</parameter> will improve things.  </sect1>  <sect1> -<title>LDAP</title> - -<para> -LDAP can be vastly improved by using the -<ulink url="smb.conf.5.html#LDAPTRUSTIDS"><parameter>ldap trust ids</parameter></ulink> parameter. -</para> - -</sect1> - - -<sect1>  <title>Client tuning</title>  <para> diff --git a/docs/docbook/projdoc/passdb.xml b/docs/docbook/projdoc/passdb.xml index 1bbec990cc..6c77ca9dc1 100644 --- a/docs/docbook/projdoc/passdb.xml +++ b/docs/docbook/projdoc/passdb.xml @@ -703,12 +703,12 @@ backends of the same type. For example, to use two different tdbsam databases:  			<para>  			Samba 3.0 includes the necessary schema file for OpenLDAP 2.0 in -			<filename>examples/LDAP/samba.schema</filename>.  The sambaAccount objectclass is given here: +			<filename>examples/LDAP/samba.schema</filename>.  The sambaSamAccount objectclass is given here:  			</para>  <para>  <programlisting> -objectclass ( 1.3.6.1.4.1.7165.2.2.3 NAME 'sambaAccount' SUP top AUXILIARY +objectclass ( 1.3.6.1.4.1.7165.2.2.3 NAME 'sambaSamAccount' SUP top AUXILIARY      DESC 'Samba Auxilary Account'      MUST ( uid $ rid )      MAY  ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $ @@ -728,8 +728,8 @@ objectclass ( 1.3.6.1.4.1.7165.2.2.3 NAME 'sambaAccount' SUP top AUXILIARY  			<para>  			Just as the smbpasswd file is meant to store information which supplements a -			user's <filename>/etc/passwd</filename> entry, so is the sambaAccount object -			meant to supplement the UNIX user account information.  A sambaAccount is a +			user's <filename>/etc/passwd</filename> entry, so is the sambaSamAccount object +			meant to supplement the UNIX user account information.  A sambaSamAccount is a  			<constant>STRUCTURAL</constant> objectclass so it can be stored individually  			in the directory.  However, there are several fields (e.g. uid) which overlap  			with the posixAccount objectclass outlined in RFC2307.  This is by design. @@ -740,7 +740,7 @@ objectclass ( 1.3.6.1.4.1.7165.2.2.3 NAME 'sambaAccount' SUP top AUXILIARY  			<para>  			In order to store all user account information (UNIX and Samba) in the directory, -			it is necessary to use the sambaAccount and posixAccount objectclasses in +			it is necessary to use the sambaSamAccount and posixAccount objectclasses in  			combination.  However, smbd will still obtain the user's UNIX account  			information via the standard C library calls (e.g. getpwnam(), et. al.).  			This means that the Samba server must also have the LDAP NSS library installed @@ -754,7 +754,7 @@ objectclass ( 1.3.6.1.4.1.7165.2.2.3 NAME 'sambaAccount' SUP top AUXILIARY  		<title>OpenLDAP configuration</title>  			<para> -			To include support for the sambaAccount object in an OpenLDAP directory +			To include support for the sambaSamAccount object in an OpenLDAP directory  			server, first copy the samba.schema file to slapd's configuration directory.  			The samba.schema file can be found in the directory <filename>examples/LDAP</filename>  			in the samba source distribution. @@ -768,7 +768,7 @@ objectclass ( 1.3.6.1.4.1.7165.2.2.3 NAME 'sambaAccount' SUP top AUXILIARY  			<para>  			Next, include the <filename>samba.schema</filename> file in <filename>slapd.conf</filename>. -			The sambaAccount object contains two attributes which depend upon other schema +			The sambaSamAccount object contains two attributes which depend upon other schema  			files.  The 'uid' attribute is defined in <filename>cosine.schema</filename> and  			the 'displayName' attribute is defined in the <filename>inetorgperson.schema</filename>  			file.  Both of these must be included before the <filename>samba.schema</filename> file. @@ -781,7 +781,7 @@ objectclass ( 1.3.6.1.4.1.7165.2.2.3 NAME 'sambaAccount' SUP top AUXILIARY  ## schema files (core.schema is required by default)  include	           /etc/openldap/schema/core.schema -## needed for sambaAccount +## needed for sambaSamAccount  include            /etc/openldap/schema/cosine.schema  include            /etc/openldap/schema/inetorgperson.schema  include            /etc/openldap/schema/samba.schema @@ -792,7 +792,7 @@ include            /etc/openldap/schema/nis.schema  		<para>  		It is recommended that you maintain some indices on some of the most usefull attributes, -		like in the following example, to speed up searches made on sambaAccount objectclasses +		like in the following example, to speed up searches made on sambaSamAccount objectclasses  		(and possibly posixAccount and posixGroup as well).  		</para> @@ -988,7 +988,7 @@ userPassword: {SSHA}c3ZM9tBaBo9autm1dL3waDS21+JSfQVz       ldap suffix = "ou=people,dc=samba,dc=org"       # generally the default ldap search filter is ok -     # ldap filter = "(&(uid=%u)(objectclass=sambaAccount))" +     # ldap filter = "(&(uid=%u)(objectclass=sambaSamAccount))"  </programlisting>  </para> @@ -998,12 +998,12 @@ userPassword: {SSHA}c3ZM9tBaBo9autm1dL3waDS21+JSfQVz  		<title>Accounts and Groups management</title>  			<para> -			As users accounts are managed thru the sambaAccount objectclass, you should -			modify your existing administration tools to deal with sambaAccount attributes. +			As users accounts are managed thru the sambaSamAccount objectclass, you should +			modify your existing administration tools to deal with sambaSamAccount attributes.  			</para>  			<para> -			Machines accounts are managed with the sambaAccount objectclass, just +			Machines accounts are managed with the sambaSamAccount objectclass, just  			like users accounts. However, it's up to you to store thoses accounts  			in a different tree of your LDAP namespace: you should use  			"ou=Groups,dc=plainjoe,dc=org" to store groups and @@ -1022,12 +1022,12 @@ userPassword: {SSHA}c3ZM9tBaBo9autm1dL3waDS21+JSfQVz  		</sect3>  		<sect3> -		<title>Security and sambaAccount</title> +		<title>Security and sambaSamAccount</title>  			<para>  			There are two important points to remember when discussing the security -			of sambaAccount entries in the directory. +			of sambaSamAccount entries in the directory.  			</para>  			<itemizedlist> @@ -1045,7 +1045,7 @@ userPassword: {SSHA}c3ZM9tBaBo9autm1dL3waDS21+JSfQVz  			</para>  			<para> -			To remedy the first security issue, the "ldap ssl" smb.conf parameter defaults +				To remedy the first security issue, the <parameter>ldap ssl</parameter> &smb.conf; parameter defaults  			to require an encrypted session (<parameter>ldap ssl = on</parameter>) using  			the default port of <constant>636</constant>  			when contacting the directory server.  When using an OpenLDAP server, it @@ -1078,15 +1078,15 @@ access to attrs=lmPassword,ntPassword  		</sect3>  		<sect3> -		<title>LDAP special attributes for sambaAccounts</title> +		<title>LDAP special attributes for sambaSamAccounts</title>  			<para> -			The sambaAccount objectclass is composed of the following attributes: +			The sambaSamAccount objectclass is composed of the following attributes:  			</para>  			<para>  			<table frame="all"> -				<title>Attributes in the sambaAccount objectclass (LDAP)</title> +				<title>Attributes in the sambaSamAccount objectclass (LDAP)</title>  			<tgroup cols="2" align="left">  			<tbody>  				<row><entry><constant>lmPassword</constant></entry><entry>the LANMAN password 16-byte hash stored as a character @@ -1151,7 +1151,7 @@ access to attrs=lmPassword,ntPassword  			The majority of these parameters are only used when Samba is acting as a PDC of  			a domain (refer to the <link linkend="samba-pdc">Samba as a primary domain controller</link> chapter for details on  			how to configure Samba as a Primary Domain Controller). The following four attributes -			are only stored with the sambaAccount entry if the values are non-default values: +			are only stored with the sambaSamAccount entry if the values are non-default values:  			</para>  			<simplelist> @@ -1162,7 +1162,7 @@ access to attrs=lmPassword,ntPassword  			</simplelist>  			<para> -			These attributes are only stored with the sambaAccount entry if +			These attributes are only stored with the sambaSamAccount entry if  			the values are non-default values.  For example, assume TASHTEGO has now been  			configured as a PDC and that <parameter>logon home = \\%L\%u</parameter> was defined in  			its &smb.conf; file. When a user named "becky" logons to the domain, @@ -1177,7 +1177,7 @@ access to attrs=lmPassword,ntPassword  		</sect3>  		<sect3> -		<title>Example LDIF Entries for a sambaAccount</title> +		<title>Example LDIF Entries for a sambaSamAccount</title>  			<para>  			The following is a working LDIF with the inclusion of the posixAccount objectclass: @@ -1192,7 +1192,7 @@ access to attrs=lmPassword,ntPassword  	lmPassword: 552902031BEDE9EFAAD3B435B51404EE  	pwdLastSet: 1010179124  	logonTime: 0 -	objectClass: sambaAccount +	objectClass: sambaSamAccount  	uid: guest2  	kickoffTime: 2147483647  	acctFlags: [UX         ] @@ -1203,7 +1203,7 @@ access to attrs=lmPassword,ntPassword  	</para>  			<para> -			The following is an LDIF entry for using both the sambaAccount and +			The following is an LDIF entry for using both the sambaSamAccount and  			posixAccount objectclasses:  			</para> @@ -1215,7 +1215,7 @@ access to attrs=lmPassword,ntPassword  	lmPassword: 552902031BEDE9EFAAD3B435B51404EE  	primaryGroupID: 1201  	objectClass: posixAccount -	objectClass: sambaAccount +	objectClass: sambaSamAccount  	acctFlags: [UX         ]  	userPassword: {crypt}BpM2ej8Rkzogo  	uid: gcarter @@ -1262,8 +1262,7 @@ access to attrs=lmPassword,ntPassword  		       <varlistentry>  			       <term>only</term>  			       <listitem><para>Only update the LDAP password and let the LDAP server worry -					       about the other fields. This option is only available when -					       the LDAP library supports LDAP_EXOP_X_MODIFY_PASSWD. </para></listitem> +					       about the other fields. This option is only available when the LDAP server supports LDAP_EXOP_X_MODIFY_PASSWD. </para></listitem>  		       </varlistentry>  		</variablelist> @@ -1272,16 +1271,6 @@ access to attrs=lmPassword,ntPassword  		</sect3> -		<sect3> -		<title>ldap trust ids</title> - -		<para> -		LDAP Performance can be improved by using the <command>ldap trust ids</command> parameter. -		See the <ulink url="smb.conf.5.html#LDAPTRUSTIDS">smb.conf</ulink> manpage for details. -		</para> - -		</sect3> -  	</sect2>  	<sect2> | 
