Hosting a large number of domains in a single LDAP tree
abartlet at samba.org
Tue Feb 24 21:03:59 GMT 2004
On Wed, 2004-02-25 at 00:04, Nicholas Drouet wrote:
> I'm after some advice on how Samba would cope in the following scenario.
> A large number of remote sites, each with a fairly large (~500-1000)
> amount of users with a Samba 3 PDC at each site. It's planned to have a
> central LDAP tree with replicas of a part of the tree at each site, with
> the Samba domain for each site being stored in each branch of the tree.
> Users at each site will not be allowed access to resources at any other
> Alternatively, is it possible to host a single domain with read only
> replicas of the subtrees in each of the relevant locations? User admin
> will be done centrally.
> Site 1
> Site 2
> If the above scenario is implemented, will the Samba BDC in each site only
> be able to see the users in its own subtree (as defined in the smb.conf)
> or is this going to cause lots of problems?
Both solutions are possible, but I prefer the single domain solution.
My feeling is that splitting up domains is not something you should do,
if you don't *really* need to do it. People move around - laptops walk
between sites, administrators admin all the domains.
Read-only replicas at each site will work fine, and Samba will contact
the master server for writes.
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20040225/88747186/attachment.bin
More information about the samba-technical