<listitem><para><link linkend="LDAPFILTER"><parameter>ldap filter</parameter></link></para></listitem>
<listitem><para><link linkend="LDAPSSL"><parameter>ldap ssl</parameter></link></para></listitem>
<listitem><para><link linkend="LDAPSUFFIX"><parameter>ldap suffix</parameter></link></para></listitem>
- <listitem><para><link linkend="LDAPUSERSUFFIX"><parameter>ldap suffix</parameter></link></para></listitem>
- <listitem><para><link linkend="LDAPMACHINESUFFIX"><parameter>ldap suffix</parameter></link></para></listitem>
+ <listitem><para><link linkend="LDAPUSERSUFFIX"><parameter>ldap user suffix</parameter></link></para></listitem>
+ <listitem><para><link linkend="LDAPMACHINESUFFIX"><parameter>ldap machine suffix</parameter></link></para></listitem>
+ <listitem><para><link linkend="LDAPPASSWDSYNC"><parameter>ldap passwd sync</parameter></link></para></listitem>
<listitem><para><link linkend="LMANNOUNCE"><parameter>lm announce</parameter></link></para></listitem>
<listitem><para><link linkend="LMINTERVAL"><parameter>lm interval</parameter></link></para></listitem>
<para>
The <parameter>ldap ssl</parameter> can be set to one of three values:
- (a) <constant>on</constant> - Always use SSL when contacting the
- <parameter>ldap server</parameter>, (b) <constant>off</constant> -
- Never use SSL when querying the directory, or (c) <constant>start_tls</constant>
- - Use the LDAPv3 StartTLS extended operation
- (RFC2830) for communicating with the directory server.
- </para>
-
+ </para>
+ <itemizedlist>
+ <listitem><para><parameter>On</parameter> = Always use SSL when contacting the
+ <parameter>ldap server</parameter>.</para></listitem>
+
+ <listitem><para><parameter>Off</parameter> = Never use SSL when querying the directory.</para></listitem>
+
+ <listitem><para><parameter>Start_tls</parameter> = Use the LDAPv3 StartTLS extended operation
+ (RFC2830) for communicating with the directory server.</para></listitem>
+ </itemizedlist>
<para>Default : <command>ldap ssl = on</command></para>
</listitem>
</listitem>
</varlistentry>
+ <varlistentry>
+ <term><anchor id="LDAPPASSWDSYNC">ldap passwd sync (G)</term>
+ <listitem><para>This option is used to define whether
+ or not Samba should sync the LDAP password with the NT
+ and LM hashes for normal accounts (NOT for
+ workstation, server or domain trusts) on a password
+ change via SAMBA.
+ </para>
+ <para>
+ The <parameter>ldap passwd sync</parameter> can be set to one of three values:
+ </para>
+ <itemizedlist>
+ <listitem><para><parameter>Yes</parameter> = Try to update the LDAP, NT and LM passwords and update the pwdLastSet time.</para></listitem>
+
+ <listitem><para><parameter>No</parameter> = Update NT and LM passwords and update the pwdLastSet time.</para></listitem>
+
+ <listitem><para><parameter>Only</parameter> = Only update the LDAP password and let the LDAP server do the rest.</para></listitem>
+ </itemizedlist>
+
+ <para>Default : <command>ldap passwd sync = no</command></para>
+ </listitem>
+ </varlistentry>