author | Alexander Bokovoy <ab@samba.org> | 2003-03-27 15:27:19 +0000 |
---|---|---|
committer | Alexander Bokovoy <ab@samba.org> | 2003-03-27 15:27:19 +0000 |
commit | 5cd3d3f14ef56ff5f1d92aba0174649f3d368f66 (patch) | |
tree | 7982c107cb4ecf2b739dd0d21b591aca20e9b19a /docs/docbook/smbdotconf/ldap | |
parent | 7c6a4de6f97287e43405b66baa81aa328315de7c (diff) | |
Add new framework for smb.conf(5). Please read README before trying to compile.
I will commit more meta-information updates during week-end.
(This used to be commit 8d684dffab6a90b3d612a1aa2b2c457a2bc2e6ac)
Diffstat (limited to 'docs/docbook/smbdotconf/ldap')
-rw-r--r-- | docs/docbook/smbdotconf/ldap/ldapadmindn.xml | 13 | ||||
-rw-r--r-- | docs/docbook/smbdotconf/ldap/ldapdeletedn.xml | 10 | ||||
-rw-r--r-- | docs/docbook/smbdotconf/ldap/ldapdelonlysamattr.xml | 6 | ||||
-rw-r--r-- | docs/docbook/smbdotconf/ldap/ldapfilter.xml | 12 | ||||
-rw-r--r-- | docs/docbook/smbdotconf/ldap/ldapmachinesuffix.xml | 11 | ||||
-rw-r--r-- | docs/docbook/smbdotconf/ldap/ldappasswdsync.xml | 23 | ||||
-rw-r--r-- | docs/docbook/smbdotconf/ldap/ldapport.xml | 20 | ||||
-rw-r--r-- | docs/docbook/smbdotconf/ldap/ldapserver.xml | 15 | ||||
-rw-r--r-- | docs/docbook/smbdotconf/ldap/ldapssl.xml | 30 | ||||
-rw-r--r-- | docs/docbook/smbdotconf/ldap/ldapsuffix.xml | 8 | ||||
-rw-r--r-- | docs/docbook/smbdotconf/ldap/ldaptrustids.xml | 18 | ||||
-rw-r--r-- | docs/docbook/smbdotconf/ldap/ldapusersuffix.xml | 10 |
12 files changed, 176 insertions, 0 deletions
diff --git a/docs/docbook/smbdotconf/ldap/ldapadmindn.xml b/docs/docbook/smbdotconf/ldap/ldapadmindn.xml new file mode 100644 index 0000000000..f92e8ce310 --- /dev/null +++ b/docs/docbook/smbdotconf/ldap/ldapadmindn.xml @@ -0,0 +1,13 @@ +<samba:parameter xmlns:samba="http://samba.org/common"> + <term><anchor id="LDAPADMINDN"/>ldap admin dn (G)</term> + <listitem><para> The <parameter moreinfo="none">ldap admin dn</parameter> defines the Distinguished + Name (DN) name used by Samba to contact the ldap server when retreiving + user account information. The <parameter moreinfo="none">ldap + admin dn</parameter> is used in conjunction with the admin dn password + stored in the <filename moreinfo="none">private/secrets.tdb</filename> file. See the + <citerefentry><refentrytitle>smbpasswd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> man page for more information on how + to accmplish this. + </para> + </listitem> + </samba:parameter> diff --git a/docs/docbook/smbdotconf/ldap/ldapdeletedn.xml b/docs/docbook/smbdotconf/ldap/ldapdeletedn.xml new file mode 100644 index 0000000000..2b081853c6 --- /dev/null +++ b/docs/docbook/smbdotconf/ldap/ldapdeletedn.xml @@ -0,0 +1,10 @@ +<samba:parameter xmlns:samba="http://samba.org/common"> + <term><anchor id="LDAPDELETEDN"/>ldap del only sam attr (G)</term> + <listitem><para> This parameter specifies whether a delete + operation in the ldapsam deletes the complete entry or only the attributes + specific to Samba. + </para> + + <para>Default : <emphasis>ldap delete dn = no</emphasis></para> + </listitem> + </samba:parameter> diff --git a/docs/docbook/smbdotconf/ldap/ldapdelonlysamattr.xml b/docs/docbook/smbdotconf/ldap/ldapdelonlysamattr.xml new file mode 100644 index 0000000000..bae5b51e60 --- /dev/null +++ b/docs/docbook/smbdotconf/ldap/ldapdelonlysamattr.xml 
@@ -0,0 +1,6 @@ +<samba:parameter xmlns:samba="http://samba.org/common"> + <term><anchor id="LDAPDELONLYSAMATTR"/>ldap del only sam attr (G)</term> + <listitem><para> Inverted synonym for <link linked="LDAPDELETEDN"><parameter moreinfo="none"> + ldap delete dn</parameter></link>.</para> + </listitem> + </samba:parameter> diff --git a/docs/docbook/smbdotconf/ldap/ldapfilter.xml b/docs/docbook/smbdotconf/ldap/ldapfilter.xml new file mode 100644 index 0000000000..6ddf8db30f --- /dev/null +++ b/docs/docbook/smbdotconf/ldap/ldapfilter.xml @@ -0,0 +1,12 @@ +<samba:parameter xmlns:samba="http://samba.org/common"> + <term><anchor id="LDAPFILTER"/>ldap filter (G)</term> + <listitem><para>This parameter specifies the RFC 2254 compliant LDAP search filter. + The default is to match the login name with the <constant>uid</constant> + attribute for all entries matching the <constant>sambaAccount</constant> + objectclass. Note that this filter should only return one entry. + </para> + + + <para>Default : <command moreinfo="none">ldap filter = (&(uid=%u)(objectclass=sambaAccount))</command></para> + </listitem> + </samba:parameter> diff --git a/docs/docbook/smbdotconf/ldap/ldapmachinesuffix.xml b/docs/docbook/smbdotconf/ldap/ldapmachinesuffix.xml new file mode 100644 index 0000000000..e02bf9acfc --- /dev/null +++ b/docs/docbook/smbdotconf/ldap/ldapmachinesuffix.xml @@ -0,0 +1,11 @@ +<samba:parameter xmlns:samba="http://samba.org/common"> + <term><anchor id="LDAPMACHINESUFFIX"/>ldap machine suffix (G)</term> + <listitem><para>It specifies where machines should be + added to the ldap tree. + </para> + + + + <para>Default : <emphasis>none</emphasis></para> + </listitem> + </samba:parameter> diff --git a/docs/docbook/smbdotconf/ldap/ldappasswdsync.xml b/docs/docbook/smbdotconf/ldap/ldappasswdsync.xml new file mode 100644 index 0000000000..ce9449374d --- /dev/null +++ b/docs/docbook/smbdotconf/ldap/ldappasswdsync.xml 
@@ -0,0 +1,23 @@ +<samba:parameter xmlns:samba="http://samba.org/common"> + <term><anchor id="LDAPPASSWDSYNC"/>ldap passwd sync (G)</term> + <listitem><para>This option is used to define whether + or not Samba should sync the LDAP password with the NT + and LM hashes for normal accounts (NOT for + workstation, server or domain trusts) on a password + change via SAMBA. + </para> + + <para> + The <parameter moreinfo="none">ldap passwd sync</parameter> can be set to one of three values: + </para> + <itemizedlist> + <listitem><para><parameter moreinfo="none">Yes</parameter> = Try to update the LDAP, NT and LM passwords and update the pwdLastSet time.</para></listitem> + + <listitem><para><parameter moreinfo="none">No</parameter> = Update NT and LM passwords and update the pwdLastSet time.</para></listitem> + + <listitem><para><parameter moreinfo="none">Only</parameter> = Only update the LDAP password and let the LDAP server do the rest.</para></listitem> + </itemizedlist> + + <para>Default : <command moreinfo="none">ldap passwd sync = no</command></para> + </listitem> + </samba:parameter> diff --git a/docs/docbook/smbdotconf/ldap/ldapport.xml b/docs/docbook/smbdotconf/ldap/ldapport.xml new file mode 100644 index 0000000000..97c256d423 --- /dev/null +++ b/docs/docbook/smbdotconf/ldap/ldapport.xml 
@@ -0,0 +1,20 @@ +<samba:parameter xmlns:samba="http://samba.org/common"> + <term><anchor id="LDAPPORT"/>ldap port (G)</term> + <listitem><para>This parameter is only available if Samba has been + configure to include the <command moreinfo="none">--with-ldapsam</command> option + at compile time. + </para> + + <para> + This option is used to control the tcp port number used to contact + the <link linkend="LDAPSERVER"><parameter moreinfo="none">ldap server</parameter></link>. + The default is to use the stand LDAPS port 636. + </para> + + <para>See Also: <link linkend="LDAPSSL">ldap ssl</link> + </para> + + <para>Default : <command moreinfo="none">ldap port = 636 ; if ldap ssl = on</command></para> + <para>Default : <command moreinfo="none">ldap port = 389 ; if ldap ssl = off</command></para> + </listitem> + </samba:parameter> diff --git a/docs/docbook/smbdotconf/ldap/ldapserver.xml b/docs/docbook/smbdotconf/ldap/ldapserver.xml new file mode 100644 index 0000000000..33d5652ac9 --- /dev/null +++ b/docs/docbook/smbdotconf/ldap/ldapserver.xml @@ -0,0 +1,15 @@ +<samba:parameter xmlns:samba="http://samba.org/common"> + <term><anchor id="LDAPSERVER"/>ldap server (G)</term> + <listitem><para>This parameter is only available if Samba has been + configure to include the <command moreinfo="none">--with-ldapsam</command> option + at compile time. + </para> + + <para> + This parameter should contain the FQDN of the ldap directory + server which should be queried to locate user account information. + </para> + + <para>Default : <command moreinfo="none">ldap server = localhost</command></para> + </listitem> + </samba:parameter> diff --git a/docs/docbook/smbdotconf/ldap/ldapssl.xml b/docs/docbook/smbdotconf/ldap/ldapssl.xml new file mode 100644 index 0000000000..d747d8f7df --- /dev/null +++ b/docs/docbook/smbdotconf/ldap/ldapssl.xml 
@@ -0,0 +1,30 @@ +<samba:parameter xmlns:samba="http://samba.org/common"> + <term><anchor id="LDAPSSL"/>ldap ssl (G)</term> + <listitem><para>This option is used to define whether or not Samba should + use SSL when connecting to the ldap server + This is <emphasis>NOT</emphasis> related to + Samba's previous SSL support which was enabled by specifying the + <command moreinfo="none">--with-ssl</command> option to the <filename moreinfo="none">configure</filename> + script. + </para> + + <para> + The <parameter moreinfo="none">ldap ssl</parameter> can be set to one of three values: + </para> + <itemizedlist> + <listitem><para><parameter moreinfo="none">Off</parameter> = Never use SSL when querying the directory.</para></listitem> + + <listitem><para><parameter moreinfo="none">Start_tls</parameter> = Use the LDAPv3 StartTLS extended operation + (RFC2830) for communicating with the directory server.</para></listitem> + + <listitem><para><parameter moreinfo="none">On</parameter> = + Use SSL on the ldaps port when contacting the + <parameter moreinfo="none">ldap server</parameter>. Only + available when the backwards-compatiblity <command moreinfo="none"> + --with-ldapsam</command> option is specified + to configure. See <link linkend="PASSDBBACKEND"><parameter moreinfo="none">passdb backend</parameter></link></para></listitem> + </itemizedlist> + + <para>Default : <command moreinfo="none">ldap ssl = start_tls</command></para> + </listitem> + </samba:parameter> diff --git a/docs/docbook/smbdotconf/ldap/ldapsuffix.xml b/docs/docbook/smbdotconf/ldap/ldapsuffix.xml new file mode 100644 index 0000000000..dae15f8104 --- /dev/null +++ b/docs/docbook/smbdotconf/ldap/ldapsuffix.xml 
@@ -0,0 +1,8 @@ +<samba:parameter xmlns:samba="http://samba.org/common"> + <term><anchor id="LDAPSUFFIX"/>ldap suffix (G)</term> + <listitem> + <para>Specifies where user and machine accounts are added to the tree. Can be overriden by <command moreinfo="none">ldap user suffix</command> and <command moreinfo="none">ldap machine suffix</command>. It also used as the base dn for all ldap searches. </para> + + <para>Default : <emphasis>none</emphasis></para> + </listitem> + </samba:parameter> diff --git a/docs/docbook/smbdotconf/ldap/ldaptrustids.xml b/docs/docbook/smbdotconf/ldap/ldaptrustids.xml new file mode 100644 index 0000000000..8fe4a1400b --- /dev/null +++ b/docs/docbook/smbdotconf/ldap/ldaptrustids.xml @@ -0,0 +1,18 @@ +<samba:parameter xmlns:samba="http://samba.org/common"> + <term><anchor id="LDAPTRUSTIDS"/>ldap trust ids (G)</term> + <listitem><para>Normally, Samba validates each entry + in the LDAP server against getpwnam(). This allows + LDAP to be used for Samba with the unix system using + NIS (for example) and also ensures that Samba does not + present accounts that do not otherwise exist. </para> + <para>This option is used to disable this functionality, and + instead to rely on the presence of the appropriate + attributes in LDAP directly, which can result in a + significant performance boost in some situations. + Setting this option to yes effectivly assumes + that the local machine is running <command moreinfo="none">nss_ldap</command> against the + same LDAP server.</para> + + <para>Default: <command moreinfo="none">ldap trust ids = No</command></para> + </listitem> + </samba:parameter> diff --git a/docs/docbook/smbdotconf/ldap/ldapusersuffix.xml b/docs/docbook/smbdotconf/ldap/ldapusersuffix.xml new file mode 100644 index 0000000000..e4fb681e23 --- /dev/null +++ b/docs/docbook/smbdotconf/ldap/ldapusersuffix.xml 
@@ -0,0 +1,10 @@ +<samba:parameter xmlns:samba="http://samba.org/common"> + <term><anchor id="LDAPUSERSUFFIX"/>ldap user suffix (G)</term> + <listitem><para>It specifies where users are added to the tree. + </para> + + + + <para>Default : <emphasis>none</emphasis></para> + </listitem> + </samba:parameter> |
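Review bot: in ldapadmindn.xml the paragraph has two misspellings, "retreiving" and "accmplish", and the phrase "Distinguished Name (DN) name" repeats "name". Suggest "retrieving", "accomplish" and "Distinguished Name (DN)". Since the text points at the admin dn password in private/secrets.tdb, it would also help to say which smbpasswd option stores it rather than only referring to the man page.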
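Review bot: in ldapdeletedn.xml the term text does not match the anchor: the line with anchor id LDAPDELETEDN reads "ldap del only sam attr (G)", while the Default line names "ldap delete dn". This looks like a copy from ldapdelonlysamattr.xml; the term should read "ldap delete dn (G)". The description also does not say which behaviour "yes" selects (delete the complete entry, or only the Samba attributes), which matters for a parameter that has an inverted synonym.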
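Review bot: in ldapdelonlysamattr.xml the link element uses the attribute linked="LDAPDELETEDN"; every other cross-reference in this patch uses linkend (for example linkend="LDAPSERVER" in ldapport.xml). As written the reference will not resolve; change it to linkend="LDAPDELETEDN".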
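Review bot: in ldapfilter.xml the Default line contains a bare ampersand, (&(uid=%u)(objectclass=sambaAccount)), which is not well-formed XML as shown and will break the docbook build; it should be written with the &amp;amp; entity. The sentence "Note that this filter should only return one entry" would also be clearer as a requirement on the administrator, stating that a custom filter must match at most one entry per login name.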
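Review bot: in ldapport.xml the prose and the Default lines disagree: the paragraph says "The default is to use the stand LDAPS port 636", while the two Default lines give 636 for ldap ssl = on and 389 for ldap ssl = off, and neither covers start_tls, which ldapssl.xml lists as the default for ldap ssl. Suggest stating the port for each ldap ssl value and dropping the unconditional sentence. Also "configure to include" should be "configured to include" and "stand" should be "standard".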
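Review bot: in ldapserver.xml the first paragraph repeats the "has been configure to include" wording from ldapport.xml; it should read "configured". The Default line gives localhost while the text says the value should be an FQDN, so a short remark that localhost is acceptable only when the directory runs on the same host would remove the apparent contradiction.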
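Review bot: in ldapssl.xml the description of Off says only "Never use SSL when querying the directory" and does not state that the connection is then unencrypted; suggest saying so explicitly, since this parameter is the only place the patch documents transport protection for the LDAP connection. Smaller points in the same hunk: the first paragraph is missing a full stop after "connecting to the ldap server", "compatiblity" should be "compatibility", and the last list item ends without a full stop after the passdb backend link.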
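Review bot: in ldapsuffix.xml the single paragraph has two errors: "overriden" should be "overridden" and "It also used as the base dn" is missing "is". Because the suffix is the base dn for all ldap searches, the Default of none deserves a sentence on what happens when the parameter is left unset.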
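Review bot: in ldaptrustids.xml the second paragraph presents yes only as a performance option and does not restate what is given up. The first paragraph says the getpwnam() check "ensures that Samba does not present accounts that do not otherwise exist"; suggest adding that with ldap trust ids = yes this check is skipped and Samba relies solely on the attributes in LDAP. Also "effectivly" should be "effectively", and "Default:" is written without the space before the colon that the other files in this patch use.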