[Samba] Request to update slapd.conf and OpenLDAP info forSamba-Guide/happy.html

Wed Mar 2 15:26:57 GMT 2005

<quote who="John H Terpstra">
> Gavin,
>
> The book "Samba-3 by Example" was written at the time Samba-3.0.2 was just
> released. At that time (February 2004) the version of OpenLDAP that were
> shipping on SuSE Linux Enterprise Server and on Red Hat Enterprise Linux
> used
> ldbm.
>
> I agree entirely that this needs to be updated, in fact, it is necessary
> also
> to update all references to the smbldap-tools as well as many other subtle
> factors that have changed in Samba between Samba-3.0.2 and 3.0.12 (the
> soon
> to be released version).
>
> I will update the entire book at the first opportunity I get. If you wish
> to
> submit patches I would be most appreciative.

Understood. I'll hopefully get something to you. Via bugzilla etc?

>
> Cheers,
> John T.
>
> On Wednesday 02 March 2005 03:24, Gavin Henry wrote:
>> Dear Team,
>>
>> The OpenLDAP stuff on this page:
>>
>> http://us4.samba.org/samba/docs/man/Samba-Guide/happy.html
>>
>> is not the preferred backend, i.e. ldbm, it really, really needs to be
>> bdb.
>>
>> See:
>>
>> http://www.openldap.org/faq/index.cgi?_highlightWords=bdb%20ldbm&file=1085
>>
>> "ldbm uses a neutral storage interface which in principle could wrap
>> dbm,
>> ndbm, gdbm or sleepycat as underlying storage; however, only Sleepycat
>> is
>> considered a reliable choice, so bdb offers more interesting features
>> (ACID). Eventually it will disappear."
>>
>> And:
>>
>> http://www.openldap.org/faq/data/cache/756.html
>>
>> "With back-ldbm, there is no fine-grain database locking. This means
>> write
>> operations are serialized. And while multiple read operations may be
>> performed concurrently, they cannot be performed concurrently with any
>> write operation. Additionally, LDBM databases cannot be accessed by only
>> one program at a time (generally at the file level). (While one may be
>> able to bypass the locking mechanism, you will likely corrupt the
>> database
>> (and/or obtain bogus information).)
>>
>> With back-bdb, databases are locked on a page level, which means that
>> multiple threads (and processes) can operate on the databases
>> concurrently. In OpenLDAP 2.1.4 we lifted the restriction against using
>> the slap tools while slapd is running on back-bdb. You can perform
>> online
>> backups using slapcat or BDB's db_dumputility without interrupting your
>> LDAP service. You still must not use slapadd or slapindex while slapd is
>> running (due to application-level caching in slapd(8))."
>>
>>
>> Point to highlight for disaster recovery:
>>
>> "You can perform online backups using slapcat or BDB's db_dumputility
>> without interrupting your LDAP service."
>>
>> Therefore,
>> can we update it for this and all the configuration that goes with using
>> a
>> bdb backend?
>>
>> I feel we are not doing the Samba community justice, if we are telling
>> them to use lbdm.
>>
>> Thanks.
>>
>> --
>> Kind Regards,
>>
>> Gavin Henry.
>> Managing Director.
>>
>> T +44 (0) 1224 279484
>> M +44 (0) 7930 323266
>> F +44 (0) 1224 742001
>> E ghenry at suretecsystems.com
>>
>> Open Source. Open Solutions(tm).
>>
>> http://www.suretecsystems.com/
>
> --
> John H Terpstra
> Samba-Team Member
> Phone: +1 (650) 580-8668
>
> Author:
> The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
> Samba-3 by Example, ISBN: 0131472216
> Hardening Linux, ISBN: 0072254971
> Other books in production.
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>