path: root/docs-xml/smbdotconf/ldap/ldapsamtrusted.xml
author Gerald W. Carter <jerry@samba.org> 2008-04-22 10:09:40 -0500
committer Gerald W. Carter <jerry@samba.org> 2008-04-23 08:47:48 -0500
commit 8f8a9f01909ba29e2b781310baeeaaddc3f15f0d
tree 90c6b720ad3a7bc815245c0ef28820424f89d658 /docs-xml/smbdotconf/ldap/ldapsamtrusted.xml
parent 197238246389c40edc60c6630d18d6913086e630
Moving docs tree to docs-xml to make room for generated docs in the release tarball.
(This used to be commit 9f672c26d63955f613088489c6efbdc08b5b2d14)
Diffstat (limited to 'docs-xml/smbdotconf/ldap/ldapsamtrusted.xml')
-rw-r--r-- docs-xml/smbdotconf/ldap/ldapsamtrusted.xml 30
1 files changed, 30 insertions, 0 deletions
diff --git a/docs-xml/smbdotconf/ldap/ldapsamtrusted.xml b/docs-xml/smbdotconf/ldap/ldapsamtrusted.xml
new file mode 100644
index 0000000000..2e4e1dbd7c
--- /dev/null
+++ b/docs-xml/smbdotconf/ldap/ldapsamtrusted.xml
@@ -0,0 +1,30 @@
+<samba:parameter name="ldapsam:trusted"
+ context="G"
+ type="string"
+ advanced="1" developer="0"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+
+ <para>
+ By default, Samba as a Domain Controller with an LDAP backend needs to use the Unix-style NSS subsystem to
+ access user and group information. Due to the way Unix stores user information in /etc/passwd and /etc/group
+ this inevitably leads to inefficiencies. One important question a user needs to know is the list of groups he
+ is member of. The plain UNIX model involves a complete enumeration of the file /etc/group and its NSS
+ counterparts in LDAP. UNIX has optimized functions to enumerate group membership. Sadly, other functions that
+ are used to deal with user and group attributes lack such optimization.
+ </para>
+
+ <para>
+ To make Samba scale well in large environments, the <smbconfoption name="ldapsam:trusted">yes</smbconfoption>
+ option assumes that the complete user and group database that is relevant to Samba is stored in LDAP with the
+ standard posixAccount/posixGroup attributes. It further assumes that the Samba auxiliary object classes are
+ stored together with the POSIX data in the same LDAP object. If these assumptions are met,
+ <smbconfoption name="ldapsam:trusted">yes</smbconfoption> can be activated and Samba can bypass the
+ NSS system to query user group memberships. Optimized LDAP queries can greatly speed up domain logon and
+ administration tasks. Depending on the size of the LDAP database a factor of 100 or more for common queries
+ is easily achieved.
+ </para>
+
+</description>
+<value type="default">no</value>
+</samba:parameter>
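Review bot: The second <para> lists the assumptions behind ldapsam:trusted = yes (the complete user and group database relevant to Samba in LDAP with posixAccount/posixGroup attributes, Samba auxiliary object classes on the same LDAP object) but never says what happens when they are not met. Because the option makes Samba bypass NSS for group membership queries, the description should state whether users and groups that exist only in other NSS sources such as /etc/passwd and /etc/group are still honoured, so an administrator can judge the effect on group-based access before enabling it. Separately, type="string" sits oddly with a parameter whose only documented values are yes and the default no; a boolean type would match. In the first <para>, "he is member of" should read "he is a member of".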