Hosting a large number of domains in a single LDAP tree
Andrew Bartlett
abartlet at samba.org
Tue Feb 24 21:03:59 GMT 2004
On Wed, 2004-02-25 at 00:04, Nicholas Drouet wrote:
> I'm after some advice on how Samba would cope in the following scenario.
>
> A large number of remote sites, each with a fairly large (~500-1000)
> amount of users with a Samba 3 PDC at each site. It's planned to have a
> central LDAP tree with replicas of a part of the tree at each site, with
> the Samba domain for each site being stored in each branch of the tree.
> Users at each site will not be allowed access to resources at any other
> site.
>
> Alternatively, is it possible to host a single domain with read only
> replicas of the subtrees in each of the relevant locations? User admin
> will be done centrally.
>
> Site 1
> o=site1,dc=company,dc=uk
>
> Site 2
> o=site2,dc=company,dc=uk
>
> If the above scenario is implemented, will the Samba BDC in each site only
> be able to see the users in its own subtree (as defined in the smb.conf)
> or is this going to cause lots of problems?
Both solutions are possible, but I prefer the single domain solution.
My feeling is that splitting up domains is not something you should do,
if you don't *really* need to do it. People move around - laptops walk
between sites, administrators admin all the domains.
Read-only replicas at each site will work fine, and Samba will contact
the master server for writes.
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20040225/88747186/attachment.bin
More information about the samba-technical
mailing list