summaryrefslogtreecommitdiff
path: root/docs/smbdotconf/ldap
diff options
context:
space:
mode:
Diffstat (limited to 'docs/smbdotconf/ldap')
-rw-r--r--docs/smbdotconf/ldap/ldapsamtrusted.xml36
1 files changed, 18 insertions, 18 deletions
diff --git a/docs/smbdotconf/ldap/ldapsamtrusted.xml b/docs/smbdotconf/ldap/ldapsamtrusted.xml
index 826032e4ab..466f42e220 100644
--- a/docs/smbdotconf/ldap/ldapsamtrusted.xml
+++ b/docs/smbdotconf/ldap/ldapsamtrusted.xml
@@ -5,25 +5,25 @@
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
-<para>
-By default, Samba as a Domain Controller with an LDAP backend needs to use the
-Unix-style NSS subsystem to access user and group information. Due to the way
-Unix stores user information in /etc/passwd and /etc/group this inevitably
-leads to inefficiencies. One important question a user needs to know is the
-list of groups he is member of. The plain Unix model involves a complete
-enumeration of the file /etc/group and its NSS counterparts in LDAP. In this
-particular case there often optimized functions are available in Unix, but for
-other queries there is no optimized function available.</para>
+ <para>
+ By default, Samba as a Domain Controller with an LDAP backend needs to use the Unix-style NSS subsystem to
+ access user and group information. Due to the way Unix stores user information in /etc/passwd and /etc/group
+ this inevitably leads to inefficiencies. One important question a user needs to know is the list of groups he
+ is member of. The plain UNIX model involves a complete enumeration of the file /etc/group and its NSS
+ counterparts in LDAP. UNIX has optimized functions to enumerate group membership. Sadly, other functions that
+ are used to deal with user and group attributes lack such optimization.
+ </para>
-<para>To make Samba scale well in large environments, the ldapsam:trusted=yes
-option assumes that the complete user and group database that is relevant to
-Samba is stored in LDAP with the standard posixAccount/posixGroup model, and
-that the Samba auxiliary object classes are stored together with the the posix
-data in the same LDAP object. If these assumptions are met,
-ldapsam:trusted=yes can be activated and Samba can completely bypass the NSS
-system to query user information. Optimized LDAP queries can speed up domain
-logon and administration tasks a lot. Depending on the size of the LDAP
-database a factor of 100 or more for common queries is easily achieved.</para>
+ <para>
+ To make Samba scale well in large environments, the <smbcomfoption name="ldapsam:trusted">yes</smbconfoption>
+ option assumes that the complete user and group database that is relevant to Samba is stored in LDAP with the
+ standard posixAccount/posixGroup attributes. It further assumes that the Samba auxiliary object classes are
+ stored together with the POSIX data in the same LDAP object. If these assumptions are met,
+ <smbconfoption name="ldapsam:trusted">yes</smbconfoption> can be activated and Samba can completely bypass the
+ NSS system to query user information. Optimized LDAP queries can greatly speed up domain logon and
+ administration tasks. Depending on the size of the LDAP database a factor of 100 or more for common queries
+ is easily achieved.
+ </para>
</description>
<value type="default">no</value>