Hosting a large number of domains in a single LDAP tree

Nicholas Drouet nick_drouet at
Tue Feb 24 13:04:09 GMT 2004

I'm after some advice on how Samba would cope in the following scenario.

A large number of remote sites, each with a fairly large (~500-1000) 
amount of users with a Samba 3 PDC at each site. It's planned to have a 
central LDAP tree with replicas of a part of the tree at each site, with 
the Samba domain for each site being stored in each branch of the tree. 
Users at each site will not be allowed access to resources at any other 

Alternatively, is it possible to host a single domain with read only 
replicas of the subtrees in each of the relevant locations? User admin 
will be done centrally. 

Site 1

Site 2

If the above scenario is implemented, will the Samba BDC in each site only 
be able to see the users in its own subtree (as defined in the smb.conf) 
or is this going to cause lots of problems? 


Nick Drouet
Senior Technical Specialist
IBM Global Services

More information about the samba-technical mailing list