From 564c0390c2ae8fea28113e7a8c13e186ed9c6037 Mon Sep 17 00:00:00 2001 From: John Terpstra Date: Mon, 26 Dec 2005 17:20:51 +0000 Subject: [PATCH] Fix typos and attempt to clarify the explanation. --- docs/smbdotconf/ldap/ldapsamtrusted.xml | 60 ++++++++++++++++----------------- 1 file changed, 30 insertions(+), 30 deletions(-) rewrite docs/smbdotconf/ldap/ldapsamtrusted.xml (83%) diff --git a/docs/smbdotconf/ldap/ldapsamtrusted.xml b/docs/smbdotconf/ldap/ldapsamtrusted.xml dissimilarity index 83% index 826032e4ab2..466f42e2209 100644 --- a/docs/smbdotconf/ldap/ldapsamtrusted.xml +++ b/docs/smbdotconf/ldap/ldapsamtrusted.xml @@ -1,30 +1,30 @@ - - - - -By default, Samba as a Domain Controller with an LDAP backend needs to use the -Unix-style NSS subsystem to access user and group information. Due to the way -Unix stores user information in /etc/passwd and /etc/group this inevitably -leads to inefficiencies. One important question a user needs to know is the -list of groups he is member of. The plain Unix model involves a complete -enumeration of the file /etc/group and its NSS counterparts in LDAP. In this -particular case there often optimized functions are available in Unix, but for -other queries there is no optimized function available. - -To make Samba scale well in large environments, the ldapsam:trusted=yes -option assumes that the complete user and group database that is relevant to -Samba is stored in LDAP with the standard posixAccount/posixGroup model, and -that the Samba auxiliary object classes are stored together with the the posix -data in the same LDAP object. If these assumptions are met, -ldapsam:trusted=yes can be activated and Samba can completely bypass the NSS -system to query user information. Optimized LDAP queries can speed up domain -logon and administration tasks a lot. Depending on the size of the LDAP -database a factor of 100 or more for common queries is easily achieved. - - -no - + + + + + By default, Samba as a Domain Controller with an LDAP backend needs to use the Unix-style NSS subsystem to + access user and group information. Due to the way Unix stores user information in /etc/passwd and /etc/group + this inevitably leads to inefficiencies. One important question a user needs to know is the list of groups he + is member of. The plain UNIX model involves a complete enumeration of the file /etc/group and its NSS + counterparts in LDAP. UNIX has optimized functions to enumerate group membership. Sadly, other functions that + are used to deal with user and group attributes lack such optimization. + + + + To make Samba scale well in large environments, the yes + option assumes that the complete user and group database that is relevant to Samba is stored in LDAP with the + standard posixAccount/posixGroup attributes. It further assumes that the Samba auxiliary object classes are + stored together with the POSIX data in the same LDAP object. If these assumptions are met, + yes can be activated and Samba can completely bypass the + NSS system to query user information. Optimized LDAP queries can greatly speed up domain logon and + administration tasks. Depending on the size of the LDAP database a factor of 100 or more for common queries + is easily achieved. + + + +no + -- 2.11.4.GIT