<samba:parameter name="passdb backend" context="G" type="list" advanced="1" developer="1" xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> <description> <para>This option allows the administrator to chose which backend will be used for storing user and possibly group information. This allows you to swap between different storage mechanisms without recompile. </para> <para>The parameter value is divided into two parts, the backend's name, and a 'location' string that has meaning only to that particular backed. These are separated by a : character.</para> <para>Available backends can include: <itemizedlist> <listitem> <para><command moreinfo="none">smbpasswd</command> - The old plaintext passdb backend. Some Samba features will not work if this passdb backend is used. Takes a path to the smbpasswd file as an optional argument. </para> </listitem> <listitem> <para><command moreinfo="none">tdbsam</command> - The TDB based password storage backend. Takes a path to the TDB as an optional argument (defaults to passdb.tdb in the <smbconfoption name="private dir"/> directory.</para> </listitem> <listitem> <para><command moreinfo="none">ldapsam</command> - The LDAP based passdb backend. Takes an LDAP URL as an optional argument (defaults to <command moreinfo="none">ldap://localhost</command>)</para> <para>LDAP connections should be secured where possible. This may be done using either Start-TLS (see <smbconfoption name="ldap ssl"/>) or by specifying <parameter moreinfo="none">ldaps://</parameter> in the URL argument. </para> <para>Multiple servers may also be specified in double-quotes. Whether multiple servers are supported or not and the exact syntax depends on the LDAP library you use. </para> </listitem> </itemizedlist> </para> Examples of use are: <programlisting> passdb backend = tdbsam:/etc/samba/private/passdb.tdb or multi server LDAP URL with OpenLDAP library: passdb backend = ldapsam:"ldap://ldap-1.example.com ldap://ldap-2.example.com" or multi server LDAP URL with Netscape based LDAP library: passdb backend = ldapsam:"ldap://ldap-1.example.com ldap-2.example.com" </programlisting> </description> <value type="default">tdbsam</value> </samba:parameter>