summaryrefslogtreecommitdiffstats
path: root/docs-xml/smbdotconf/security/passdbbackend.xml
diff options
context:
space:
mode:
Diffstat (limited to 'docs-xml/smbdotconf/security/passdbbackend.xml')
-rw-r--r--docs-xml/smbdotconf/security/passdbbackend.xml65
1 files changed, 65 insertions, 0 deletions
diff --git a/docs-xml/smbdotconf/security/passdbbackend.xml b/docs-xml/smbdotconf/security/passdbbackend.xml
new file mode 100644
index 0000000..8265b3e
--- /dev/null
+++ b/docs-xml/smbdotconf/security/passdbbackend.xml
@@ -0,0 +1,65 @@
+<samba:parameter name="passdb backend"
+ context="G"
+ type="string"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+
+ <para>This option allows the administrator to chose which backend
+ will be used for storing user and possibly group information. This allows
+ you to swap between different storage mechanisms without recompile. </para>
+
+ <para>The parameter value is divided into two parts, the backend's name, and a 'location'
+ string that has meaning only to that particular backed. These are separated
+ by a : character.</para>
+
+ <para>Available backends can include:
+ <itemizedlist>
+ <listitem>
+ <para><command moreinfo="none">smbpasswd</command> - The old plaintext passdb
+ backend. Some Samba features will not work if this passdb
+ backend is used. Takes a path to the smbpasswd file as an
+ optional argument.
+ </para>
+ </listitem>
+
+ <listitem>
+ <para><command moreinfo="none">tdbsam</command> - The TDB based password storage
+ backend. Takes a path to the TDB as an optional argument (defaults to passdb.tdb
+ in the <smbconfoption name="private dir"/> directory.</para>
+ </listitem>
+
+ <listitem>
+ <para><command moreinfo="none">ldapsam</command> - The LDAP based passdb
+ backend. Takes an LDAP URL as an optional argument (defaults to
+ <command moreinfo="none">ldap://localhost</command>)</para>
+
+ <para>LDAP connections should be secured where possible. This may be done using either
+ Start-TLS (see <smbconfoption name="ldap ssl"/>) or by
+ specifying <parameter moreinfo="none">ldaps://</parameter> in
+ the URL argument. </para>
+
+ <para>Multiple servers may also be specified in double-quotes.
+ Whether multiple servers are supported or not and the exact
+ syntax depends on the LDAP library you use.
+ </para>
+
+ </listitem>
+ </itemizedlist>
+
+ </para>
+ Examples of use are:
+<programlisting>
+passdb backend = tdbsam:/etc/samba/private/passdb.tdb
+
+or multi server LDAP URL with OpenLDAP library:
+
+passdb backend = ldapsam:"ldap://ldap-1.example.com ldap://ldap-2.example.com"
+
+or multi server LDAP URL with Netscape based LDAP library:
+
+passdb backend = ldapsam:"ldap://ldap-1.example.com ldap-2.example.com"
+</programlisting>
+</description>
+
+<value type="default">tdbsam</value>
+</samba:parameter>