summaryrefslogtreecommitdiff
path: root/docs/smbdotconf/ldap/ldapsamtrusted.xml
diff options
context:
space:
mode:
authorVolker Lendecke <vlendec@samba.org>2005-03-04 17:04:56 +0000
committerGerald W. Carter <jerry@samba.org>2008-04-23 08:46:14 -0500
commitfa085d07268066e85aba8ee8c854cad0bef5972d (patch)
treef8b7f9ab77e08bd15d148df42fe0c815432951fa /docs/smbdotconf/ldap/ldapsamtrusted.xml
parent8734c9d5e8f146ba44189fb33cde6ecc2943e991 (diff)
downloadsamba-fa085d07268066e85aba8ee8c854cad0bef5972d.tar.gz
samba-fa085d07268066e85aba8ee8c854cad0bef5972d.tar.bz2
samba-fa085d07268066e85aba8ee8c854cad0bef5972d.zip
Add smb.conf entry for ldapsam:trusted.
Could a docbook-xml expert (jelmer?) please look over this to make sure I did not mess anything up? Thanks, Volker (This used to be commit b6c67153a4725aa00888d52846c59836b7fcf938)
Diffstat (limited to 'docs/smbdotconf/ldap/ldapsamtrusted.xml')
-rw-r--r--docs/smbdotconf/ldap/ldapsamtrusted.xml30
1 files changed, 30 insertions, 0 deletions
diff --git a/docs/smbdotconf/ldap/ldapsamtrusted.xml b/docs/smbdotconf/ldap/ldapsamtrusted.xml
new file mode 100644
index 0000000000..980436bea6
--- /dev/null
+++ b/docs/smbdotconf/ldap/ldapsamtrusted.xml
@@ -0,0 +1,30 @@
+<samba:parameter name="ldapsam:trusted"
+ context="G"
+ type="string"
+ advanced="1" developer="0"
+ xmlns:samba="http://samba.org/common">
+<description>
+
+<para>
+By default, Samba as a Domain Controller with an LDAP backend needs to use the
+Unix-style NSS subsystem to access user and group information. Due to the way
+Unix stores user information in /etc/passwd and /etc/group this inevitably
+leads to inefficiencies. One important question a user needs to know is the
+list of groups he is member of. The plain Unix model involves a complete
+enumeration of the file /etc/group and its NSS counterparts in LDAP. In this
+particular case there often optimized functions are available in Unix, but for
+other queries there is no optimized function available.</para>
+
+<para>To make Samba scale well in large environments, the ldapsam:trusted=yes
+option assumes that the complete user and group database that is relevant to
+Samba is stored in LDAP with the standard posixAccount/posixGroup model, and
+that the Samba auxiliary object classes are stored together with the the posix
+data in the same LDAP object. If these assumptions are met,
+ldapsam:trusted=yes can be activated and Samba can completely bypass the NSS
+system to query user information. Optimized LDAP queries can speed up domain
+logon and administration tasks a lot. Depending on the size of the LDAP
+database a factor of 100 or more for common queries is easily achieved.</para>
+
+</description>
+<value type="default">no</value>
+</samba:parameter>