smb.conf: Add dsdb group change notification parameter

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/docs-xml/smbdotconf/misc/dsdbgroupchangenotification.xml b/docs-xml/smbdotconf/misc/dsdbgroupchangenotification.xml
new file mode 100644 (file)
index 0000000..2079f51
--- /dev/null
+++ b/docs-xml/smbdotconf/misc/dsdbgroupchangenotification.xml
@@ -0,0 +1,27 @@
+<samba:parameter name="dsdb group change notification"
+                 context="G"
+                 type="boolean"
+                 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+       <para>When enabled, this option causes Samba (acting as an
+       Active Directory Domain Controller) to stream group membership change
+       events across the internal message bus.  Scripts built using
+       Samba's python bindings can listen to these events by
+       registering as the service
+       <filename moreinfo="none">dsdb_group_event</filename>.</para>
+
+       <para>This should be considered a developer option (it assists
+       in the Samba testsuite) rather than a facility for external
+       auditing, as message delivery is not guaranteed (a feature
+       that the testsuite works around).  Additionally Samba must be
+       not compiled with the --without-json-audit parameter for this
+       option to be effective.</para>
+
+       <para>The group events are also logged via the normal
+       logging methods when the <smbconfoption name="log level"/> is
+       set appropriately.</para>
+
+</description>
+
+<value type="default">no</value>
+</samba:parameter>