author | Jelmer Vernooij <jelmer@samba.org> | 2004-04-07 10:15:11 +0000 |
---|---|---|
committer | Gerald W. Carter <jerry@samba.org> | 2008-04-23 08:45:43 -0500 |
commit | 992f1e6b8f86b346fddd266b04d29cde69585633 (patch) | |
tree | 878573999a6831aa14cd6b8072263eb5d5910aa4 /docs/smbdotconf/ldap | |
parent | 65c0fd59203a3d9c4cb685e3a739f29f6f0c4fd6 (diff) | |
Add all the source files from the old CVS tree,
add the 5 missing chapters from the HOWTO
and add jht's Samba by Example book.
(This used to be commit 9fb5bcb93e57c5162b3ee6f9c7d777dc0269d100)
Diffstat (limited to 'docs/smbdotconf/ldap')
-rw-r--r-- | docs/smbdotconf/ldap/ldapadmindn.xml | 17 | ||||
-rw-r--r-- | docs/smbdotconf/ldap/ldapdeletedn.xml | 14 | ||||
-rw-r--r-- | docs/smbdotconf/ldap/ldapfilter.xml | 14 | ||||
-rw-r--r-- | docs/smbdotconf/ldap/ldapgroupsuffix.xml | 14 | ||||
-rw-r--r-- | docs/smbdotconf/ldap/ldapidmapsuffix.xml | 14 | ||||
-rw-r--r-- | docs/smbdotconf/ldap/ldapmachinesuffix.xml | 11 | ||||
-rw-r--r-- | docs/smbdotconf/ldap/ldappasswdsync.xml | 35 | ||||
-rw-r--r-- | docs/smbdotconf/ldap/ldapport.xml | 17 | ||||
-rw-r--r-- | docs/smbdotconf/ldap/ldapreplicationsleep.xml | 22 | ||||
-rw-r--r-- | docs/smbdotconf/ldap/ldapserver.xml | 15 | ||||
-rw-r--r-- | docs/smbdotconf/ldap/ldapssl.xml | 39 | ||||
-rw-r--r-- | docs/smbdotconf/ldap/ldapsuffix.xml | 14 | ||||
-rw-r--r-- | docs/smbdotconf/ldap/ldapusersuffix.xml | 12 |
13 files changed, 238 insertions, 0 deletions
diff --git a/docs/smbdotconf/ldap/ldapadmindn.xml b/docs/smbdotconf/ldap/ldapadmindn.xml
new file mode 100644
index 0000000000..43a895d088
--- /dev/null
+++ b/docs/smbdotconf/ldap/ldapadmindn.xml
@@ -0,0 +1,17 @@
+<samba:parameter name="ldap admin dn"
+ context="G"
+ advanced="1" developer="1"
+ type="string"
+ xmlns:samba="http://samba.org/common">
+ <description>
+ <para> The <parameter moreinfo="none">ldap admin dn</parameter>
+ defines the Distinguished Name (DN) name used by Samba to
+ contact the ldap server when retreiving user account
+ information. The <parameter moreinfo="none">ldap admin
+ dn</parameter> is used in conjunction with the admin dn password
+ stored in the <filename moreinfo="none">private/secrets.tdb</filename> file.
+ See the <citerefentry><refentrytitle>smbpasswd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> man page for more
+ information on how to accmplish this.</para>
+</description>
+</samba:parameter>
diff --git a/docs/smbdotconf/ldap/ldapdeletedn.xml b/docs/smbdotconf/ldap/ldapdeletedn.xml
new file mode 100644
index 0000000000..ffcb337740
--- /dev/null
+++ b/docs/smbdotconf/ldap/ldapdeletedn.xml
@@ -0,0 +1,14 @@
+<samba:parameter name="ldap delete dn"
+ context="G"
+ type="boolean"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<description>
+ <para> This parameter specifies whether a delete
+ operation in the ldapsam deletes the complete entry or only the attributes
+ specific to Samba.
+</para>
+</description>
+
+<value type="default">no</value>
+</samba:parameter>
diff --git a/docs/smbdotconf/ldap/ldapfilter.xml b/docs/smbdotconf/ldap/ldapfilter.xml
new file mode 100644
index 0000000000..eba6a76f95
--- /dev/null
+++ b/docs/smbdotconf/ldap/ldapfilter.xml
@@ -0,0 +1,14 @@
+<samba:parameter name="ldap filter"
+ context="G"
+ type="string"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<description>
+ <para>This parameter specifies the RFC 2254 compliant LDAP search filter.
+ The default is to match the login name with the <constant>uid</constant>
+ attribute for all entries matching the <constant>sambaAccount</constant>
+ objectclass. Note that this filter should only return one entry.
+</para>
+</description>
+<value type="default">(&(uid=%u)(objectclass=sambaAccount))</value>
+</samba:parameter>
diff --git a/docs/smbdotconf/ldap/ldapgroupsuffix.xml b/docs/smbdotconf/ldap/ldapgroupsuffix.xml
new file mode 100644
index 0000000000..6044d86693
--- /dev/null
+++ b/docs/smbdotconf/ldap/ldapgroupsuffix.xml
@@ -0,0 +1,14 @@
+<samba:parameter name="ldap group suffix"
+ context="G"
+ type="string"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<description>
+ <para>This parameters specifies the suffix that is
+ used for groups when these are added to the LDAP directory.
+ If this parameter is unset, the value of <parameter>ldap suffix</parameter> will be used instead.</para>
+
+</description>
+<value type="default"></value>
+<value type="example">dc=samba,ou=Groups</value>
+</samba:parameter>
diff --git a/docs/smbdotconf/ldap/ldapidmapsuffix.xml b/docs/smbdotconf/ldap/ldapidmapsuffix.xml
new file mode 100644
index 0000000000..2b26e18da8
--- /dev/null
+++ b/docs/smbdotconf/ldap/ldapidmapsuffix.xml
@@ -0,0 +1,14 @@
+<samba:parameter name="ldap idmap suffix"
+ context="G"
+ advanced="1" developer="1"
+ type="string"
+ xmlns:samba="http://samba.org/common">
+<description>
+ <para>This parameters specifies the suffix that is
+ used when storing idmap mappings. If this parameter
+ is unset, the value of <parameter>ldap suffix</parameter>
+ will be used instead.</para>
+</description>
+<value type="default"></value>
+<value type="example">ou=Idmap,dc=samba,dc=org</value>
+</samba:parameter>
diff --git a/docs/smbdotconf/ldap/ldapmachinesuffix.xml b/docs/smbdotconf/ldap/ldapmachinesuffix.xml
new file mode 100644
index 0000000000..843f918394
--- /dev/null
+++ b/docs/smbdotconf/ldap/ldapmachinesuffix.xml
@@ -0,0 +1,11 @@
+<samba:parameter name="ldap machine suffix"
+ context="G"
+ advanced="1" developer="1"
+ type="string"
+ xmlns:samba="http://samba.org/common">
+<description>
+ <para>It specifies where machines should be added to the ldap tree.</para>
+</description>
+
+<value type="default"></value>
+</samba:parameter>
diff --git a/docs/smbdotconf/ldap/ldappasswdsync.xml b/docs/smbdotconf/ldap/ldappasswdsync.xml
new file mode 100644
index 0000000000..305d1436f4
--- /dev/null
+++ b/docs/smbdotconf/ldap/ldappasswdsync.xml
@@ -0,0 +1,35 @@
+<samba:parameter name="ldap passwd sync"
+ context="G"
+ advanced="1" developer="1"
+ type="enum"
+ xmlns:samba="http://samba.org/common">
+<description>
+ <para>This option is used to define whether
+ or not Samba should sync the LDAP password with the NT
+ and LM hashes for normal accounts (NOT for
+ workstation, server or domain trusts) on a password
+ change via SAMBA.
+ </para>
+
+ <para>The <parameter moreinfo="none">ldap passwd
+ sync</parameter> can be set to one of three values: </para>
+
+ <itemizedlist>
+ <listitem>
+ <para><parameter moreinfo="none">Yes</parameter> = Try
+ to update the LDAP, NT and LM passwords and update the pwdLastSet time.</para>
+ </listitem>
+
+ <listitem>
+ <para><parameter moreinfo="none">No</parameter> = Update NT and
+ LM passwords and update the pwdLastSet time.</para>
+ </listitem>
+
+ <listitem>
+ <para><parameter moreinfo="none">Only</parameter> = Only update
+ the LDAP password and let the LDAP server do the rest.</para>
+ </listitem>
+ </itemizedlist>
+</description>
+<value type="default">no</value>
+</samba:parameter>
diff --git a/docs/smbdotconf/ldap/ldapport.xml b/docs/smbdotconf/ldap/ldapport.xml
new file mode 100644
index 0000000000..28a7f9c446
--- /dev/null
+++ b/docs/smbdotconf/ldap/ldapport.xml
@@ -0,0 +1,17 @@
+<samba:parameter name="ldap port"
+ type="integer"
+ context="G"
+ xmlns:samba="http://samba.org/common">
+<description>
+ <para>This parameter is only available if Samba has been
+ configure to include the <command moreinfo="none">--with-ldapsam</command> option
+ at compile time.</para>
+
+ <para>This option is used to control the tcp port number used to contact
+ the <link linkend="LDAPSERVER"><parameter moreinfo="none">ldap server</parameter></link>.
+ The default is to use the stand LDAPS port 636.</para>
+</description>
+<related>ldap ssl</related>
+<value type="default">636<comment>if ldap ssl = on</comment></value>
+<value type="default">389<comment>if ldap ssl = off</comment></value>
+</samba:parameter>
diff --git a/docs/smbdotconf/ldap/ldapreplicationsleep.xml b/docs/smbdotconf/ldap/ldapreplicationsleep.xml
new file mode 100644
index 0000000000..9630273501
--- /dev/null
+++ b/docs/smbdotconf/ldap/ldapreplicationsleep.xml
@@ -0,0 +1,22 @@
+<samba:parameter name="ldap replication sleep"
+ context="G"
+ advanced="1" developer="1"
+ type="integer"
+ xmlns:samba="http://samba.org/common">
+<description>
+ <para>When Samba is asked to write to a read-only LDAP
+replica, we are redirected to talk to the read-write master server.
+This server then replicates our changes back to the 'local' server,
+however the replication might take some seconds, especially over slow
+links. Certain client activities, particularly domain joins, can become
+confused by the 'success' that does not immediately change the LDAP
+back-end's data. </para>
+ <para>This option simply causes Samba to wait a short time, to
+allow the LDAP server to catch up. If you have a particularly
+high-latency network, you may wish to time the LDAP replication with a
+network sniffer, and increase this value accordingly. Be aware that no
+checking is performed that the data has actually replicated.</para>
+ <para>The value is specified in milliseconds</para>
+</description>
+<value type="default">1000</value>
+</samba:parameter>
diff --git a/docs/smbdotconf/ldap/ldapserver.xml b/docs/smbdotconf/ldap/ldapserver.xml
new file mode 100644
index 0000000000..2f2791c00a
--- /dev/null
+++ b/docs/smbdotconf/ldap/ldapserver.xml
@@ -0,0 +1,15 @@
+<samba:parameter name="ldap server"
+ context="G"
+ type="string"
+ xmlns:samba="http://samba.org/common">
+<description>
+ <para>This parameter is only available if Samba has been
+ configure to include the <command moreinfo="none">--with-ldapsam</command>
+ option at compile time.</para>
+
+ <para>This parameter should contain the FQDN of the ldap directory
+ server which should be queried to locate user account information.
+</para>
+</description>
+<value type="default">localhost</value>
+</samba:parameter>
diff --git a/docs/smbdotconf/ldap/ldapssl.xml b/docs/smbdotconf/ldap/ldapssl.xml
new file mode 100644
index 0000000000..638a72e232
--- /dev/null
+++ b/docs/smbdotconf/ldap/ldapssl.xml
@@ -0,0 +1,39 @@
+<samba:parameter name="ldap ssl"
+ context="G"
+ type="enum"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+ <description>
+ <para>This option is used to define whether or not Samba should
+ use SSL when connecting to the ldap server
+ This is <emphasis>NOT</emphasis> related to
+ Samba's previous SSL support which was enabled by specifying the
+ <command moreinfo="none">--with-ssl</command> option to the <filename moreinfo="none">configure</filename>
+ script.</para>
+
+ <para>The <parameter moreinfo="none">ldap ssl</parameter> can be set to one of three values:</para>
+ <itemizedlist>
+ <listitem>
+ <para><parameter moreinfo="none">Off</parameter> = Never
+ use SSL when querying the directory.</para>
+ </listitem>
+
+ <listitem>
+ <para><parameter moreinfo="none">Start_tls</parameter> = Use
+ the LDAPv3 StartTLS extended operation (RFC2830) for
+ communicating with the directory server.</para>
+ </listitem>
+
+ <listitem>
+ <para><parameter moreinfo="none">On</parameter> = Use SSL
+ on the ldaps port when contacting the <parameter
+ moreinfo="none">ldap server</parameter>. Only available when the
+ backwards-compatiblity <command
+ moreinfo="none">--with-ldapsam</command> option is specified
+ to configure. See <link linkend="PASSDBBACKEND"><parameter
+ moreinfo="none">passdb backend</parameter></link></para>
+ </listitem>
+ </itemizedlist>
+</description>
+<value type="default">start_tls</value>
+</samba:parameter>
diff --git a/docs/smbdotconf/ldap/ldapsuffix.xml b/docs/smbdotconf/ldap/ldapsuffix.xml
new file mode 100644
index 0000000000..2185be49f1
--- /dev/null
+++ b/docs/smbdotconf/ldap/ldapsuffix.xml
@@ -0,0 +1,14 @@
+<samba:parameter name="ldap suffix"
+ context="G"
+ type="string"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<description>
+ <para>Specifies where user and machine accounts are added to the
+ tree. Can be overriden by <command moreinfo="none">ldap user
+ suffix</command> and <command moreinfo="none">ldap machine
+ suffix</command>. It also used as the base dn for all ldap
+searches. </para>
+</description>
+<value type="default"></value>
+</samba:parameter>
diff --git a/docs/smbdotconf/ldap/ldapusersuffix.xml b/docs/smbdotconf/ldap/ldapusersuffix.xml
new file mode 100644
index 0000000000..367584b744
--- /dev/null
+++ b/docs/smbdotconf/ldap/ldapusersuffix.xml
@@ -0,0 +1,12 @@
+<samba:parameter name="ldap user suffix"
+ context="G"
+ type="string"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<description>
+ <para>This parameter specifies where users are added to the tree.
+ If this parameter is not specified, the value from <command>ldap suffix</command>.</para>
+
+</description>
+<value type="default"/>
+</samba:parameter> |