Diffstat (limited to 'docs/docbook/smbdotconf/ldap')
-rw-r--r--docs/docbook/smbdotconf/ldap/ldapadmindn.xml13
-rw-r--r--docs/docbook/smbdotconf/ldap/ldapdeletedn.xml10
-rw-r--r--docs/docbook/smbdotconf/ldap/ldapdelonlysamattr.xml6
-rw-r--r--docs/docbook/smbdotconf/ldap/ldapfilter.xml12
-rw-r--r--docs/docbook/smbdotconf/ldap/ldapmachinesuffix.xml11
-rw-r--r--docs/docbook/smbdotconf/ldap/ldappasswdsync.xml23
-rw-r--r--docs/docbook/smbdotconf/ldap/ldapport.xml20
-rw-r--r--docs/docbook/smbdotconf/ldap/ldapserver.xml15
-rw-r--r--docs/docbook/smbdotconf/ldap/ldapssl.xml30
-rw-r--r--docs/docbook/smbdotconf/ldap/ldapsuffix.xml8
-rw-r--r--docs/docbook/smbdotconf/ldap/ldaptrustids.xml18
-rw-r--r--docs/docbook/smbdotconf/ldap/ldapusersuffix.xml10
12 files changed, 176 insertions, 0 deletions
diff --git a/docs/docbook/smbdotconf/ldap/ldapadmindn.xml b/docs/docbook/smbdotconf/ldap/ldapadmindn.xml
new file mode 100644
index 0000000000..f92e8ce310
--- /dev/null
+++ b/docs/docbook/smbdotconf/ldap/ldapadmindn.xml
@@ -0,0 +1,13 @@
+<samba:parameter xmlns:samba="http://samba.org/common">
+ <term><anchor id="LDAPADMINDN"/>ldap admin dn (G)</term>
+ <listitem><para> The <parameter moreinfo="none">ldap admin dn</parameter> defines the Distinguished
+ Name (DN) name used by Samba to contact the ldap server when retreiving
+ user account information. The <parameter moreinfo="none">ldap
+ admin dn</parameter> is used in conjunction with the admin dn password
+ stored in the <filename moreinfo="none">private/secrets.tdb</filename> file. See the
+ <citerefentry><refentrytitle>smbpasswd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> man page for more information on how
+ to accmplish this.
+ </para>
+ </listitem>
+ </samba:parameter>
diff --git a/docs/docbook/smbdotconf/ldap/ldapdeletedn.xml b/docs/docbook/smbdotconf/ldap/ldapdeletedn.xml
new file mode 100644
index 0000000000..2b081853c6
--- /dev/null
+++ b/docs/docbook/smbdotconf/ldap/ldapdeletedn.xml
@@ -0,0 +1,10 @@
+<samba:parameter xmlns:samba="http://samba.org/common">
+ <term><anchor id="LDAPDELETEDN"/>ldap del only sam attr (G)</term>
+ <listitem><para> This parameter specifies whether a delete
+ operation in the ldapsam deletes the complete entry or only the attributes
+ specific to Samba.
+ </para>
+
+ <para>Default : <emphasis>ldap delete dn = no</emphasis></para>
+ </listitem>
+ </samba:parameter>
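Review bot: The `<term>` in ldapdeletedn.xml reads `ldap del only sam attr (G)` although the anchor id is `LDAPDELETEDN` and the default line names `ldap delete dn`, so the rendered entry will appear under the wrong parameter name. It looks copied from ldapdelonlysamattr.xml and should be `<term><anchor id="LDAPDELETEDN"/>ldap delete dn (G)</term>`. The default is also wrapped in `<emphasis>`, where the sibling files use `<command moreinfo="none">` for a `name = value` default.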
diff --git a/docs/docbook/smbdotconf/ldap/ldapdelonlysamattr.xml b/docs/docbook/smbdotconf/ldap/ldapdelonlysamattr.xml
new file mode 100644
index 0000000000..bae5b51e60
--- /dev/null
+++ b/docs/docbook/smbdotconf/ldap/ldapdelonlysamattr.xml
@@ -0,0 +1,6 @@
+<samba:parameter xmlns:samba="http://samba.org/common">
+ <term><anchor id="LDAPDELONLYSAMATTR"/>ldap del only sam attr (G)</term>
+ <listitem><para> Inverted synonym for <link linked="LDAPDELETEDN"><parameter moreinfo="none">
+ ldap delete dn</parameter></link>.</para>
+ </listitem>
+ </samba:parameter>
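Review bot: The cross-reference is written `<link linked="LDAPDELETEDN">`, but `linked` is not a DocBook attribute; `<link>` takes `linkend`, as the links in ldapport.xml and ldapssl.xml in this commit do. As written the link has no target and the file will likely fail DTD validation, so it should be `<link linkend="LDAPDELETEDN">`. The line break directly after the opening `<parameter moreinfo="none">` tag also puts leading whitespace into the rendered parameter name.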
diff --git a/docs/docbook/smbdotconf/ldap/ldapfilter.xml b/docs/docbook/smbdotconf/ldap/ldapfilter.xml
new file mode 100644
index 0000000000..6ddf8db30f
--- /dev/null
+++ b/docs/docbook/smbdotconf/ldap/ldapfilter.xml
@@ -0,0 +1,12 @@
+<samba:parameter xmlns:samba="http://samba.org/common">
+ <term><anchor id="LDAPFILTER"/>ldap filter (G)</term>
+ <listitem><para>This parameter specifies the RFC 2254 compliant LDAP search filter.
+ The default is to match the login name with the <constant>uid</constant>
+ attribute for all entries matching the <constant>sambaAccount</constant>
+ objectclass. Note that this filter should only return one entry.
+ </para>
+
+
+ <para>Default : <command moreinfo="none">ldap filter = (&amp;(uid=%u)(objectclass=sambaAccount))</command></para>
+ </listitem>
+ </samba:parameter>
diff --git a/docs/docbook/smbdotconf/ldap/ldapmachinesuffix.xml b/docs/docbook/smbdotconf/ldap/ldapmachinesuffix.xml
new file mode 100644
index 0000000000..e02bf9acfc
--- /dev/null
+++ b/docs/docbook/smbdotconf/ldap/ldapmachinesuffix.xml
@@ -0,0 +1,11 @@
+<samba:parameter xmlns:samba="http://samba.org/common">
+ <term><anchor id="LDAPMACHINESUFFIX"/>ldap machine suffix (G)</term>
+ <listitem><para>It specifies where machines should be
+ added to the ldap tree.
+ </para>
+
+
+
+ <para>Default : <emphasis>none</emphasis></para>
+ </listitem>
+ </samba:parameter>
diff --git a/docs/docbook/smbdotconf/ldap/ldappasswdsync.xml b/docs/docbook/smbdotconf/ldap/ldappasswdsync.xml
new file mode 100644
index 0000000000..ce9449374d
--- /dev/null
+++ b/docs/docbook/smbdotconf/ldap/ldappasswdsync.xml
@@ -0,0 +1,23 @@
+<samba:parameter xmlns:samba="http://samba.org/common">
+ <term><anchor id="LDAPPASSWDSYNC"/>ldap passwd sync (G)</term>
+ <listitem><para>This option is used to define whether
+ or not Samba should sync the LDAP password with the NT
+ and LM hashes for normal accounts (NOT for
+ workstation, server or domain trusts) on a password
+ change via SAMBA.
+ </para>
+
+ <para>
+ The <parameter moreinfo="none">ldap passwd sync</parameter> can be set to one of three values:
+ </para>
+ <itemizedlist>
+ <listitem><para><parameter moreinfo="none">Yes</parameter> = Try to update the LDAP, NT and LM passwords and update the pwdLastSet time.</para></listitem>
+
+ <listitem><para><parameter moreinfo="none">No</parameter> = Update NT and LM passwords and update the pwdLastSet time.</para></listitem>
+
+ <listitem><para><parameter moreinfo="none">Only</parameter> = Only update the LDAP password and let the LDAP server do the rest.</para></listitem>
+ </itemizedlist>
+
+ <para>Default : <command moreinfo="none">ldap passwd sync = no</command></para>
+ </listitem>
+ </samba:parameter>
diff --git a/docs/docbook/smbdotconf/ldap/ldapport.xml b/docs/docbook/smbdotconf/ldap/ldapport.xml
new file mode 100644
index 0000000000..97c256d423
--- /dev/null
+++ b/docs/docbook/smbdotconf/ldap/ldapport.xml
@@ -0,0 +1,20 @@
+<samba:parameter xmlns:samba="http://samba.org/common">
+ <term><anchor id="LDAPPORT"/>ldap port (G)</term>
+ <listitem><para>This parameter is only available if Samba has been
+ configure to include the <command moreinfo="none">--with-ldapsam</command> option
+ at compile time.
+ </para>
+
+ <para>
+ This option is used to control the tcp port number used to contact
+ the <link linkend="LDAPSERVER"><parameter moreinfo="none">ldap server</parameter></link>.
+ The default is to use the stand LDAPS port 636.
+ </para>
+
+ <para>See Also: <link linkend="LDAPSSL">ldap ssl</link>
+ </para>
+
+ <para>Default : <command moreinfo="none">ldap port = 636 ; if ldap ssl = on</command></para>
+ <para>Default : <command moreinfo="none">ldap port = 389 ; if ldap ssl = off</command></para>
+ </listitem>
+ </samba:parameter>
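Review bot: The prose says the default is the LDAPS port 636, and the two `Default` lines cover only `ldap ssl = on` and `ldap ssl = off`, while ldapssl.xml in this same commit gives the default as `ldap ssl = start_tls`. A reader cannot tell which port is used in the default configuration. StartTLS normally runs on the plain LDAP port, so the second line presumably should read `ldap port = 389 ; if ldap ssl = off or start_tls`, to be confirmed against the code. Minor wording: `configure to include` should be `configured with` (the same sentence is in ldapserver.xml) and `stand LDAPS port` should be `standard LDAPS port`.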
diff --git a/docs/docbook/smbdotconf/ldap/ldapserver.xml b/docs/docbook/smbdotconf/ldap/ldapserver.xml
new file mode 100644
index 0000000000..33d5652ac9
--- /dev/null
+++ b/docs/docbook/smbdotconf/ldap/ldapserver.xml
@@ -0,0 +1,15 @@
+<samba:parameter xmlns:samba="http://samba.org/common">
+ <term><anchor id="LDAPSERVER"/>ldap server (G)</term>
+ <listitem><para>This parameter is only available if Samba has been
+ configure to include the <command moreinfo="none">--with-ldapsam</command> option
+ at compile time.
+ </para>
+
+ <para>
+ This parameter should contain the FQDN of the ldap directory
+ server which should be queried to locate user account information.
+ </para>
+
+ <para>Default : <command moreinfo="none">ldap server = localhost</command></para>
+ </listitem>
+ </samba:parameter>
diff --git a/docs/docbook/smbdotconf/ldap/ldapssl.xml b/docs/docbook/smbdotconf/ldap/ldapssl.xml
new file mode 100644
index 0000000000..d747d8f7df
--- /dev/null
+++ b/docs/docbook/smbdotconf/ldap/ldapssl.xml
@@ -0,0 +1,30 @@
+<samba:parameter xmlns:samba="http://samba.org/common">
+ <term><anchor id="LDAPSSL"/>ldap ssl (G)</term>
+ <listitem><para>This option is used to define whether or not Samba should
+ use SSL when connecting to the ldap server
+ This is <emphasis>NOT</emphasis> related to
+ Samba's previous SSL support which was enabled by specifying the
+ <command moreinfo="none">--with-ssl</command> option to the <filename moreinfo="none">configure</filename>
+ script.
+ </para>
+
+ <para>
+ The <parameter moreinfo="none">ldap ssl</parameter> can be set to one of three values:
+ </para>
+ <itemizedlist>
+ <listitem><para><parameter moreinfo="none">Off</parameter> = Never use SSL when querying the directory.</para></listitem>
+
+ <listitem><para><parameter moreinfo="none">Start_tls</parameter> = Use the LDAPv3 StartTLS extended operation
+ (RFC2830) for communicating with the directory server.</para></listitem>
+
+ <listitem><para><parameter moreinfo="none">On</parameter> =
+ Use SSL on the ldaps port when contacting the
+ <parameter moreinfo="none">ldap server</parameter>. Only
+ available when the backwards-compatiblity <command moreinfo="none">
+ --with-ldapsam</command> option is specified
+ to configure. See <link linkend="PASSDBBACKEND"><parameter moreinfo="none">passdb backend</parameter></link></para></listitem>
+ </itemizedlist>
+
+ <para>Default : <command moreinfo="none">ldap ssl = start_tls</command></para>
+ </listitem>
+ </samba:parameter>
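Review bot: The `Off` item says only that SSL is never used; it does not tell the administrator that the bind as `ldap admin dn` and the account attributes Samba reads (presumably including password hashes) then cross the network unprotected. I would add a sentence to that item such as `With this setting the admin dn credentials and all account data are sent to the directory server unencrypted; use it only when the server is local or the link is otherwise protected.` The entry also does not say whether the server certificate is verified for `Start_tls` and `On`, which is worth stating once confirmed. The first sentence is missing its full stop after `ldap server`, and `backwards-compatiblity` should be `backwards-compatibility`.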
diff --git a/docs/docbook/smbdotconf/ldap/ldapsuffix.xml b/docs/docbook/smbdotconf/ldap/ldapsuffix.xml
new file mode 100644
index 0000000000..dae15f8104
--- /dev/null
+++ b/docs/docbook/smbdotconf/ldap/ldapsuffix.xml
@@ -0,0 +1,8 @@
+<samba:parameter xmlns:samba="http://samba.org/common">
+ <term><anchor id="LDAPSUFFIX"/>ldap suffix (G)</term>
+ <listitem>
+ <para>Specifies where user and machine accounts are added to the tree. Can be overriden by <command moreinfo="none">ldap user suffix</command> and <command moreinfo="none">ldap machine suffix</command>. It also used as the base dn for all ldap searches. </para>
+
+ <para>Default : <emphasis>none</emphasis></para>
+ </listitem>
+ </samba:parameter>
diff --git a/docs/docbook/smbdotconf/ldap/ldaptrustids.xml b/docs/docbook/smbdotconf/ldap/ldaptrustids.xml
new file mode 100644
index 0000000000..8fe4a1400b
--- /dev/null
+++ b/docs/docbook/smbdotconf/ldap/ldaptrustids.xml
@@ -0,0 +1,18 @@
+<samba:parameter xmlns:samba="http://samba.org/common">
+ <term><anchor id="LDAPTRUSTIDS"/>ldap trust ids (G)</term>
+ <listitem><para>Normally, Samba validates each entry
+ in the LDAP server against getpwnam(). This allows
+ LDAP to be used for Samba with the unix system using
+ NIS (for example) and also ensures that Samba does not
+ present accounts that do not otherwise exist. </para>
+ <para>This option is used to disable this functionality, and
+ instead to rely on the presence of the appropriate
+ attributes in LDAP directly, which can result in a
+ significant performance boost in some situations.
+ Setting this option to yes effectivly assumes
+ that the local machine is running <command moreinfo="none">nss_ldap</command> against the
+ same LDAP server.</para>
+
+ <para>Default: <command moreinfo="none">ldap trust ids = No</command></para>
+ </listitem>
+ </samba:parameter>
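Review bot: The second paragraph presents `ldap trust ids = yes` only as a performance option, but per the first paragraph it turns off the getpwnam() check that keeps Samba from presenting accounts the system does not otherwise know. The entry should state the consequence: the unix identity Samba uses then comes straight from the LDAP attributes, so whoever can write those attributes decides it. Suggested addition after the nss_ldap sentence: `Only enable this when write access to the account attributes in the directory is limited to trusted administrators.` Also, `effectivly` should be `effectively`.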
diff --git a/docs/docbook/smbdotconf/ldap/ldapusersuffix.xml b/docs/docbook/smbdotconf/ldap/ldapusersuffix.xml
new file mode 100644
index 0000000000..e4fb681e23
--- /dev/null
+++ b/docs/docbook/smbdotconf/ldap/ldapusersuffix.xml
@@ -0,0 +1,10 @@
+<samba:parameter xmlns:samba="http://samba.org/common">
+ <term><anchor id="LDAPUSERSUFFIX"/>ldap user suffix (G)</term>
+ <listitem><para>It specifies where users are added to the tree.
+ </para>
+
+
+
+ <para>Default : <emphasis>none</emphasis></para>
+ </listitem>
+ </samba:parameter>