svn commit: samba-docs r368 - in trunk/smbdotconf/ldap: .

vlendec at samba.org vlendec at samba.org
Fri Mar 4 17:04:56 GMT 2005 

Author: vlendec
Date: 2005-03-04 17:04:56 +0000 (Fri, 04 Mar 2005)
New Revision: 368

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba-docs&rev=368

Log:
Add smb.conf entry for ldapsam:trusted.

Could a docbook-xml expert (jelmer?) please look over this to make sure I did
not mess anything up?

Thanks,

Volker

Added:
   trunk/smbdotconf/ldap/ldapsamtrusted.xml


Changeset:
Added: trunk/smbdotconf/ldap/ldapsamtrusted.xml
===================================================================
--- trunk/smbdotconf/ldap/ldapsamtrusted.xml	2005-03-04 07:07:44 UTC (rev 367)
+++ trunk/smbdotconf/ldap/ldapsamtrusted.xml	2005-03-04 17:04:56 UTC (rev 368)
@@ -0,0 +1,30 @@
+<samba:parameter name="ldapsam:trusted"
+	context="G"
+	type="string"
+		 advanced="1" developer="0"
+                 xmlns:samba="http://samba.org/common">
+<description>
+
+<para>
+By default, Samba as a Domain Controller with an LDAP backend needs to use the
+Unix-style NSS subsystem to access user and group information. Due to the way
+Unix stores user information in /etc/passwd and /etc/group this inevitably
+leads to inefficiencies. One important question a user needs to know is the
+list of groups he is member of. The plain Unix model involves a complete
+enumeration of the file /etc/group and its NSS counterparts in LDAP. In this
+particular case there often optimized functions are available in Unix, but for
+other queries there is no optimized function available.</para>
+
+<para>To make Samba scale well in large environments, the ldapsam:trusted=yes
+option assumes that the complete user and group database that is relevant to
+Samba is stored in LDAP with the standard posixAccount/posixGroup model, and
+that the Samba auxiliary object classes are stored together with the the posix
+data in the same LDAP object. If these assumptions are met,
+ldapsam:trusted=yes can be activated and Samba can completely bypass the NSS
+system to query user information. Optimized LDAP queries can speed up domain
+logon and administration tasks a lot. Depending on the size of the LDAP
+database a factor of 100 or more for common queries is easily achieved.</para>
+
+</description>
+<value type="default">no</value>
+</samba:parameter>

More information about the samba-cvs mailing list