diff options
Diffstat (limited to 'docs/docbook/smbdotconf/ldap')
| -rw-r--r-- | docs/docbook/smbdotconf/ldap/ldapadmindn.xml | 16 | ||||
| -rw-r--r-- | docs/docbook/smbdotconf/ldap/ldapdeletedn.xml | 13 | ||||
| -rw-r--r-- | docs/docbook/smbdotconf/ldap/ldapfilter.xml | 14 | ||||
| -rw-r--r-- | docs/docbook/smbdotconf/ldap/ldapgroupsuffix.xml | 14 | ||||
| -rw-r--r-- | docs/docbook/smbdotconf/ldap/ldapidmapsuffix.xml | 15 | ||||
| -rw-r--r-- | docs/docbook/smbdotconf/ldap/ldapmachinesuffix.xml | 10 | ||||
| -rw-r--r-- | docs/docbook/smbdotconf/ldap/ldappasswdsync.xml | 35 | ||||
| -rw-r--r-- | docs/docbook/smbdotconf/ldap/ldapport.xml | 19 | ||||
| -rw-r--r-- | docs/docbook/smbdotconf/ldap/ldapserver.xml | 15 | ||||
| -rw-r--r-- | docs/docbook/smbdotconf/ldap/ldapssl.xml | 39 | ||||
| -rw-r--r-- | docs/docbook/smbdotconf/ldap/ldapsuffix.xml | 14 | ||||
| -rw-r--r-- | docs/docbook/smbdotconf/ldap/ldapusersuffix.xml | 11 |
12 files changed, 215 insertions, 0 deletions
diff --git a/docs/docbook/smbdotconf/ldap/ldapadmindn.xml b/docs/docbook/smbdotconf/ldap/ldapadmindn.xml new file mode 100644 index 0000000000..301c88df7b --- /dev/null +++ b/docs/docbook/smbdotconf/ldap/ldapadmindn.xml @@ -0,0 +1,16 @@ +<samba:parameter name="ldap admin dn" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para> The <parameter moreinfo="none">ldap admin dn</parameter> + defines the Distinguished Name (DN) name used by Samba to + contact the ldap server when retreiving user account + information. The <parameter moreinfo="none">ldap admin + dn</parameter> is used in conjunction with the admin dn password + stored in the <filename moreinfo="none">private/secrets.tdb</filename> file. + See the <citerefentry><refentrytitle>smbpasswd</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> man page for more + information on how to accmplish this.</para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/ldap/ldapdeletedn.xml b/docs/docbook/smbdotconf/ldap/ldapdeletedn.xml new file mode 100644 index 0000000000..89a75e02fd --- /dev/null +++ b/docs/docbook/smbdotconf/ldap/ldapdeletedn.xml @@ -0,0 +1,13 @@ +<samba:parameter name="ldap delete dn" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para> This parameter specifies whether a delete + operation in the ldapsam deletes the complete entry or only the attributes + specific to Samba. + </para> + + <para>Default: <emphasis>ldap delete dn = no</emphasis></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/ldap/ldapfilter.xml b/docs/docbook/smbdotconf/ldap/ldapfilter.xml new file mode 100644 index 0000000000..1d0ab33d89 --- /dev/null +++ b/docs/docbook/smbdotconf/ldap/ldapfilter.xml @@ -0,0 +1,14 @@ +<samba:parameter name="ldap filter" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This parameter specifies the RFC 2254 compliant LDAP search filter. + The default is to match the login name with the <constant>uid</constant> + attribute for all entries matching the <constant>sambaAccount</constant> + objectclass. Note that this filter should only return one entry. + </para> + + <para>Default: <command moreinfo="none">ldap filter = (&(uid=%u)(objectclass=sambaAccount))</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/ldap/ldapgroupsuffix.xml b/docs/docbook/smbdotconf/ldap/ldapgroupsuffix.xml new file mode 100644 index 0000000000..5e6b9cc886 --- /dev/null +++ b/docs/docbook/smbdotconf/ldap/ldapgroupsuffix.xml @@ -0,0 +1,14 @@ +<samba:parameter name="ldap group suffix" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This parameters specifies the suffix that is + used for groups when these are added to the LDAP directory. + If this parameter is unset, the value of <parameter>ldap suffix</parameter> will be used instead.</para> + + <para>Default: <emphasis>none</emphasis></para> + + <para>Example: <emphasis>dc=samba,ou=Groups</emphasis></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/ldap/ldapidmapsuffix.xml b/docs/docbook/smbdotconf/ldap/ldapidmapsuffix.xml new file mode 100644 index 0000000000..7dd86cc41b --- /dev/null +++ b/docs/docbook/smbdotconf/ldap/ldapidmapsuffix.xml @@ -0,0 +1,15 @@ +<samba:parameter name="ldap idmap suffix" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This parameters specifies the suffix that is + used when storing idmap mappings. If this parameter + is unset, the value of <parameter>ldap suffix</parameter> + will be used instead.</para> + + <para>Default: <emphasis>none</emphasis></para> + + <para>Example: <emphasis>ou=Idmap,dc=samba,dc=org</emphasis></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/ldap/ldapmachinesuffix.xml b/docs/docbook/smbdotconf/ldap/ldapmachinesuffix.xml new file mode 100644 index 0000000000..0ef6a04abf --- /dev/null +++ b/docs/docbook/smbdotconf/ldap/ldapmachinesuffix.xml @@ -0,0 +1,10 @@ +<samba:parameter name="ldap machine suffix" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>It specifies where machines should be added to the ldap tree.</para> + + <para>Default: <emphasis>none</emphasis></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/ldap/ldappasswdsync.xml b/docs/docbook/smbdotconf/ldap/ldappasswdsync.xml new file mode 100644 index 0000000000..8015b2fb2d --- /dev/null +++ b/docs/docbook/smbdotconf/ldap/ldappasswdsync.xml @@ -0,0 +1,35 @@ +<samba:parameter name="ldap passwd sync" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This option is used to define whether + or not Samba should sync the LDAP password with the NT + and LM hashes for normal accounts (NOT for + workstation, server or domain trusts) on a password + change via SAMBA. + </para> + + <para>The <parameter moreinfo="none">ldap passwd + sync</parameter> can be set to one of three values: </para> + + <itemizedlist> + <listitem> + <para><parameter moreinfo="none">Yes</parameter> = Try + to update the LDAP, NT and LM passwords and update the pwdLastSet time.</para> + </listitem> + + <listitem> + <para><parameter moreinfo="none">No</parameter> = Update NT and + LM passwords and update the pwdLastSet time.</para> + </listitem> + + <listitem> + <para><parameter moreinfo="none">Only</parameter> = Only update + the LDAP password and let the LDAP server do the rest.</para> + </listitem> + </itemizedlist> + + <para>Default: <command moreinfo="none">ldap passwd sync = no</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/ldap/ldapport.xml b/docs/docbook/smbdotconf/ldap/ldapport.xml new file mode 100644 index 0000000000..c00c525db0 --- /dev/null +++ b/docs/docbook/smbdotconf/ldap/ldapport.xml @@ -0,0 +1,19 @@ +<samba:parameter name="ldap port" + context="G" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This parameter is only available if Samba has been + configure to include the <command moreinfo="none">--with-ldapsam</command> option + at compile time.</para> + + <para>This option is used to control the tcp port number used to contact + the <link linkend="LDAPSERVER"><parameter moreinfo="none">ldap server</parameter></link>. + The default is to use the stand LDAPS port 636.</para> + + <para>See Also: <link linkend="LDAPSSL">ldap ssl</link></para> + + <para>Default : <command moreinfo="none">ldap port = 636 ; if ldap ssl = on</command></para> + + <para>Default : <command moreinfo="none">ldap port = 389 ; if ldap ssl = off</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/ldap/ldapserver.xml b/docs/docbook/smbdotconf/ldap/ldapserver.xml new file mode 100644 index 0000000000..e7a4c670ab --- /dev/null +++ b/docs/docbook/smbdotconf/ldap/ldapserver.xml @@ -0,0 +1,15 @@ +<samba:parameter name="ldap server" + context="G" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This parameter is only available if Samba has been + configure to include the <command moreinfo="none">--with-ldapsam</command> + option at compile time.</para> + + <para>This parameter should contain the FQDN of the ldap directory + server which should be queried to locate user account information. + </para> + + <para>Default : <command moreinfo="none">ldap server = localhost</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/ldap/ldapssl.xml b/docs/docbook/smbdotconf/ldap/ldapssl.xml new file mode 100644 index 0000000000..13bafdf3a7 --- /dev/null +++ b/docs/docbook/smbdotconf/ldap/ldapssl.xml @@ -0,0 +1,39 @@ +<samba:parameter name="ldap ssl" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This option is used to define whether or not Samba should + use SSL when connecting to the ldap server + This is <emphasis>NOT</emphasis> related to + Samba's previous SSL support which was enabled by specifying the + <command moreinfo="none">--with-ssl</command> option to the <filename moreinfo="none">configure</filename> + script.</para> + + <para>The <parameter moreinfo="none">ldap ssl</parameter> can be set to one of three values:</para> + <itemizedlist> + <listitem> + <para><parameter moreinfo="none">Off</parameter> = Never + use SSL when querying the directory.</para> + </listitem> + + <listitem> + <para><parameter moreinfo="none">Start_tls</parameter> = Use + the LDAPv3 StartTLS extended operation (RFC2830) for + communicating with the directory server.</para> + </listitem> + + <listitem> + <para><parameter moreinfo="none">On</parameter> = Use SSL + on the ldaps port when contacting the <parameter + moreinfo="none">ldap server</parameter>. Only available when the + backwards-compatiblity <command + moreinfo="none">--with-ldapsam</command> option is specified + to configure. See <link linkend="PASSDBBACKEND"><parameter + moreinfo="none">passdb backend</parameter></link></para> + </listitem> + </itemizedlist> + + <para>Default : <command moreinfo="none">ldap ssl = start_tls</command></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/ldap/ldapsuffix.xml b/docs/docbook/smbdotconf/ldap/ldapsuffix.xml new file mode 100644 index 0000000000..609f171096 --- /dev/null +++ b/docs/docbook/smbdotconf/ldap/ldapsuffix.xml @@ -0,0 +1,14 @@ +<samba:parameter name="ldap suffix" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>Specifies where user and machine accounts are added to the + tree. Can be overriden by <command moreinfo="none">ldap user + suffix</command> and <command moreinfo="none">ldap machine + suffix</command>. It also used as the base dn for all ldap + searches. </para> + + <para>Default: <emphasis>none</emphasis></para> +</listitem> +</samba:parameter> diff --git a/docs/docbook/smbdotconf/ldap/ldapusersuffix.xml b/docs/docbook/smbdotconf/ldap/ldapusersuffix.xml new file mode 100644 index 0000000000..93d450b5e4 --- /dev/null +++ b/docs/docbook/smbdotconf/ldap/ldapusersuffix.xml @@ -0,0 +1,11 @@ +<samba:parameter name="ldap user suffix" + context="G" + advanced="1" developer="1" + xmlns:samba="http://samba.org/common"> +<listitem> + <para>This parameter specifies where users are added to the tree. + If this parameter is not specified, the value from <command>ldap suffix</command>.</para> + + <para>Default: <emphasis>none</emphasis></para> +</listitem> +</samba:parameter> |