[Samba] samba+ldap two domains db sync?

Gaiseric Vandal gaiseric.vandal at gmail.com
Mon Jan 11 07:43:42 MST 2010


On 01/11/10 09:31, Rob Shinn wrote:
> Alberto Moreno wrote:
>> Is it possible to sync both ldap servers every time I change something
>> in ldap? or a better way to do it?
> You could probably do this with OpenLDAP's syncrepl replication 
> facility.  You may also wish to consider combining everything into one 
> LDAP database, containing two different Samba domains, with a common 
> OU for user accounts.  You could keep the LDAP servers as they are, 
> just set up one as a secondary LDAP server using syncrepl.  That would 
> have the advantage of centralizing everything and ease user 
> administration, since users created in one domain would automatically 
> be included in both.
>
> Without knowing the specifics, however, it's hard to say to which way 
> would be best.
>
I don't think one user in LDAP could be in two different domains - each
user has to have a distinct SambaSID entry.

I use Sun's Directory Server for my LDAP backend - it was already in
place for another project, which is why I went with it rather than with
OpenLDAP. It supports replication between LDAP servers and has a GUI
for setting up the replication parameters. Although, to be fair,
there is a bit of a learning curve with this product.
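
Added example, not part of the original thread: a Samba account's sambaSID is its domain's SID followed by a RID, so in a merged or replicated tree each account can be matched to exactly one sambaDomain entry. The sketch below does that over a constructed LDIF sample; all DNs, names and SIDs are made up, and the function names are hypothetical.

```python
# Constructed sample (not real data): two sambaDomain entries, three accounts.
SAMPLE_LDIF = """\
dn: sambaDomainName=DOMA,dc=example,dc=com
objectClass: sambaDomain
sambaDomainName: DOMA
sambaSID: S-1-5-21-1111111111-2222222222-3333333333

dn: sambaDomainName=DOMB,dc=example,dc=com
objectClass: sambaDomain
sambaDomainName: DOMB
sambaSID: S-1-5-21-4444444444-5555555555-6666666666

dn: uid=alice,ou=People,dc=example,dc=com
objectClass: sambaSamAccount
uid: alice
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-3000

dn: uid=bob,ou=People,dc=example,dc=com
objectClass: sambaSamAccount
uid: bob
sambaSID: S-1-5-21-4444444444-5555555555-6666666666-3002

dn: uid=carol,ou=People,dc=example,dc=com
objectClass: sambaSamAccount
uid: carol
sambaSID: S-1-5-21-9999999999-8888888888-7777777777-3004
"""

def parse_ldif(text):
    """Minimal LDIF reader: blank-line separated entries, 'attr: value' lines only."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(": ")
            entry.setdefault(attr, []).append(value)
        entries.append(entry)
    return entries

def map_users_to_domains(entries):
    """Return {uid: domain name or None} by matching each account SID's domain part."""
    domains = {e["sambaSID"][0]: e["sambaDomainName"][0]
               for e in entries if "sambaDomain" in e.get("objectClass", [])}
    result = {}
    for e in entries:
        if "sambaSamAccount" in e.get("objectClass", []):
            # Everything before the last '-' is the domain SID; the rest is the RID.
            domain_sid, _, _rid = e["sambaSID"][0].rpartition("-")
            result[e["uid"][0]] = domains.get(domain_sid)
    return result
```

An account that maps to `None` carries a SID whose domain part matches no sambaDomain entry in the tree, which is worth checking before pointing a second Samba server at replicated data.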
