diff options
author | John Terpstra <jht@samba.org> | 2005-12-26 17:20:51 +0000 |
---|---|---|
committer | Gerald W. Carter <jerry@samba.org> | 2008-04-23 08:47:15 -0500 |
commit | fcbb391330b419ea69f26cc6c8b0bd1165d6e160 (patch) | |
tree | abeb6a5a562ee2e30f6eb8ccf1a5141c879fb99f /docs/smbdotconf/ldap | |
parent | 2085e848eac56624d78fce41d3547f6cf8e9ff6b (diff) | |
download | samba-fcbb391330b419ea69f26cc6c8b0bd1165d6e160.tar.gz samba-fcbb391330b419ea69f26cc6c8b0bd1165d6e160.tar.bz2 samba-fcbb391330b419ea69f26cc6c8b0bd1165d6e160.zip |
Fix typos and attempt to clarify the explanation.
(This used to be commit eb3e5eb252b8c297e872b1081ceb052b3cd19deb)
Diffstat (limited to 'docs/smbdotconf/ldap')
-rw-r--r-- | docs/smbdotconf/ldap/ldapsamtrusted.xml | 36 |
1 files changed, 18 insertions, 18 deletions
diff --git a/docs/smbdotconf/ldap/ldapsamtrusted.xml b/docs/smbdotconf/ldap/ldapsamtrusted.xml index 826032e4ab..466f42e220 100644 --- a/docs/smbdotconf/ldap/ldapsamtrusted.xml +++ b/docs/smbdotconf/ldap/ldapsamtrusted.xml @@ -5,25 +5,25 @@ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> <description> -<para> -By default, Samba as a Domain Controller with an LDAP backend needs to use the -Unix-style NSS subsystem to access user and group information. Due to the way -Unix stores user information in /etc/passwd and /etc/group this inevitably -leads to inefficiencies. One important question a user needs to know is the -list of groups he is member of. The plain Unix model involves a complete -enumeration of the file /etc/group and its NSS counterparts in LDAP. In this -particular case there often optimized functions are available in Unix, but for -other queries there is no optimized function available.</para> + <para> + By default, Samba as a Domain Controller with an LDAP backend needs to use the Unix-style NSS subsystem to + access user and group information. Due to the way Unix stores user information in /etc/passwd and /etc/group + this inevitably leads to inefficiencies. One important question a user needs to know is the list of groups he + is member of. The plain UNIX model involves a complete enumeration of the file /etc/group and its NSS + counterparts in LDAP. UNIX has optimized functions to enumerate group membership. Sadly, other functions that + are used to deal with user and group attributes lack such optimization. + </para> -<para>To make Samba scale well in large environments, the ldapsam:trusted=yes -option assumes that the complete user and group database that is relevant to -Samba is stored in LDAP with the standard posixAccount/posixGroup model, and -that the Samba auxiliary object classes are stored together with the the posix -data in the same LDAP object. If these assumptions are met, -ldapsam:trusted=yes can be activated and Samba can completely bypass the NSS -system to query user information. Optimized LDAP queries can speed up domain -logon and administration tasks a lot. Depending on the size of the LDAP -database a factor of 100 or more for common queries is easily achieved.</para> + <para> + To make Samba scale well in large environments, the <smbcomfoption name="ldapsam:trusted">yes</smbconfoption> + option assumes that the complete user and group database that is relevant to Samba is stored in LDAP with the + standard posixAccount/posixGroup attributes. It further assumes that the Samba auxiliary object classes are + stored together with the POSIX data in the same LDAP object. If these assumptions are met, + <smbconfoption name="ldapsam:trusted">yes</smbconfoption> can be activated and Samba can completely bypass the + NSS system to query user information. Optimized LDAP queries can greatly speed up domain logon and + administration tasks. Depending on the size of the LDAP database a factor of 100 or more for common queries + is easily achieved. + </para> </description> <value type="default">no</value> |