AD DC option to use acl_tdb rather than acl_xattr?

[John Mulligan]

Hi Andrew,
During the sambaXP conference you mentioned that there may be an option to 
swap the vfs/xattr backend even on an AD DC. I'm interested in using this as 
it ought to avoid the need for always running our AD DC container images in a 
privileged mode.  You mentioned it should be OK for our use-case where the 
sysvol is not heavily used. Unfortunately, I haven't found any documentation 
for it. I looked over the interactive help from 'samba-tool' as well as the 
wiki and didn't see anything that jumped out at me.  

I was hoping you could point me in the right direction. Even if it's an 
unreleased feature, or needs a "cheat code".  Thank you very much!

--John M.