[Samba] [EXPERIENCES] with OpenLDAP and Samba and Redundancy ???

Buchan Milne bgmilne at obsidian.co.za
Fri Jun 18 16:17:28 GMT 2004


| hi
|
| i'm looking for hints/experiences concerning samba v3, openldap AND
| redundancy
|
| my setup is:
|
| Samba PDC with LDAP Master
| Samba BDC with LDAP Slave
| Samba Member Server, contacting first PDC, then BDC if the first fails
|
| if all instances are working properly, everything is okay
| replication is also fine (from Master -> Slave)
|
| and now imagine:
|
| LDAP Master dies
| all smbd are contacting LDAP Slave and make their changes in the Slave
| directory

They won't be making changes, since you can't make changes against a
slave. The slave will return an error and a referral to the master
(which is down), so your changes will fail, but existing accounts will work.

| cause replication only works from Master->Slave, if Master comes up
| again, i have inconsistency in my LDAP Backends

No you don't, unless your slave is misconfigured.

| e.g. a machine changes its machine password in Slave directory and
| can't logon anymore cause the password change isn't replicated on Master
|

Its password change attempt will fail.

| we also tried to setup slurpd (LDAP replication) on both LDAP Servers
| - if both are up, everything is okay, if one is down, changes are made
| in one directory, samba tells me it fails (e.g. changing passwords),
| although it changes the attributes and so on....
|

Your configuration is broken.

| so the problem is: if Slave dies, everything should go on working,
| because PDC/BDC use at first LDAP Master
| if slave comes up, replication is done properly
|
| but if Master dies, i get an inconsistent domain
|

You have a serious problem if your slave is accepting changes.

| how do you get redundancy in your LDAP backend?
| PDC/BDC redundancy works well, the single-point-of-failure is LDAP

Only if you've mis-configured it.

Note that these questions don't really have anything to do with samba,
you may want to ask on the openldap list.

Do you *really* need such a waste-of-bandwidth sig?

|
|          "Matrix - more than a vision"
|
| **************************************************
|                  Michael Gasch
|
|            - Central IT Department -
|
| Max Planck Institute for Evolutionary Anthropology
| Deutscher Platz 6
| 04103 Leipzig
|
| Germany
| **************************************************
|
|

Regards,
Buchan

--
Buchan Milne                      Senior Support Technician
Obsidian Systems                  http://www.obsidian.co.za
B.Eng                                RHCE (803004789010797)
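
An added example, not part of the original post: a small Python check of a slurpd-style slapd.conf that is meant to be a read-only slave, looking for the directives behind the behaviour described in the reply above (`updatedn` limits writes to the replication DN, `updateref` supplies the referral to the master). Host names, DNs, the sample configs and the finding labels are assumptions made for this example.

```python
import re
from urllib.parse import urlparse

def parse_databases(conf_text):
    """Group slapd.conf directives by 'database' section; the global section is skipped."""
    databases, current = [], None
    for raw in conf_text.splitlines():
        # Skip blanks, comments and continuation lines (those start with whitespace).
        if not raw.strip() or raw.startswith("#") or raw[0].isspace():
            continue
        parts = raw.split(None, 1)
        key, value = parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")
        if key == "database":
            databases.append(current := {})
        elif current is not None:
            current.setdefault(key, []).append(value)
    return databases

def audit_slave(conf_text):
    """Return (suffix, finding) pairs for a config that is meant to be a read-only slave."""
    findings = []
    for db in parse_databases(conf_text):
        suffix = db.get("suffix", ["?"])[0].strip('"')
        if "updatedn" not in db:        # nothing marks this database as a replica
            findings.append((suffix, "no-updatedn"))
        refs = {urlparse(u.strip('"')).hostname for u in db.get("updateref", [])}
        if not refs:                    # no referral URL configured for update requests
            findings.append((suffix, "no-updateref"))
        for target in db.get("replica", []):
            m = re.search(r"(?:host=|uri=ldaps?://)([^:/\s]+)", target)
            if m and m.group(1).lower() in refs:   # pushes changes back to its own master
                findings.append((suffix, "replica-loop"))
    return findings

# Constructed sample configs; host names and DNs are placeholders.
GOOD_SLAVE = """\
database bdb
suffix "dc=example,dc=com"
updatedn "cn=replicator,dc=example,dc=com"
updateref ldap://ldap1.example.com
"""
TWO_WAY = """\
database bdb
suffix "dc=example,dc=com"
updateref ldap://ldap1.example.com
replica host=ldap1.example.com:389
"""

if __name__ == "__main__":
    print(audit_slave(GOOD_SLAVE), audit_slave(TWO_WAY))
```
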

