diff options
Diffstat (limited to 'docs/smbdotconf/ldap')
-rw-r--r-- | docs/smbdotconf/ldap/ldapsamtrusted.xml | 36 |
1 files changed, 18 insertions, 18 deletions
diff --git a/docs/smbdotconf/ldap/ldapsamtrusted.xml b/docs/smbdotconf/ldap/ldapsamtrusted.xml index 826032e4ab..466f42e220 100644 --- a/docs/smbdotconf/ldap/ldapsamtrusted.xml +++ b/docs/smbdotconf/ldap/ldapsamtrusted.xml @@ -5,25 +5,25 @@ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> <description> -<para> -By default, Samba as a Domain Controller with an LDAP backend needs to use the -Unix-style NSS subsystem to access user and group information. Due to the way -Unix stores user information in /etc/passwd and /etc/group this inevitably -leads to inefficiencies. One important question a user needs to know is the -list of groups he is member of. The plain Unix model involves a complete -enumeration of the file /etc/group and its NSS counterparts in LDAP. In this -particular case there often optimized functions are available in Unix, but for -other queries there is no optimized function available.</para> + <para> + By default, Samba as a Domain Controller with an LDAP backend needs to use the Unix-style NSS subsystem to + access user and group information. Due to the way Unix stores user information in /etc/passwd and /etc/group + this inevitably leads to inefficiencies. One important question a user needs to know is the list of groups he + is member of. The plain UNIX model involves a complete enumeration of the file /etc/group and its NSS + counterparts in LDAP. UNIX has optimized functions to enumerate group membership. Sadly, other functions that + are used to deal with user and group attributes lack such optimization. + </para> -<para>To make Samba scale well in large environments, the ldapsam:trusted=yes -option assumes that the complete user and group database that is relevant to -Samba is stored in LDAP with the standard posixAccount/posixGroup model, and -that the Samba auxiliary object classes are stored together with the the posix -data in the same LDAP object. If these assumptions are met, -ldapsam:trusted=yes can be activated and Samba can completely bypass the NSS -system to query user information. Optimized LDAP queries can speed up domain -logon and administration tasks a lot. Depending on the size of the LDAP -database a factor of 100 or more for common queries is easily achieved.</para> + <para> + To make Samba scale well in large environments, the <smbcomfoption name="ldapsam:trusted">yes</smbconfoption> + option assumes that the complete user and group database that is relevant to Samba is stored in LDAP with the + standard posixAccount/posixGroup attributes. It further assumes that the Samba auxiliary object classes are + stored together with the POSIX data in the same LDAP object. If these assumptions are met, + <smbconfoption name="ldapsam:trusted">yes</smbconfoption> can be activated and Samba can completely bypass the + NSS system to query user information. Optimized LDAP queries can greatly speed up domain logon and + administration tasks. Depending on the size of the LDAP database a factor of 100 or more for common queries + is easily achieved. + </para> </description> <value type="default">no</value> |