Hosting a large number of domains in a single LDAP tree

Andrew Bartlett abartlet at
Tue Feb 24 21:03:59 GMT 2004

On Wed, 2004-02-25 at 00:04, Nicholas Drouet wrote:
> I'm after some advice on how Samba would cope in the following scenario.
> A large number of remote sites, each with a fairly large (~500-1000) 
> number of users with a Samba 3 PDC at each site. It's planned to have a 
> central LDAP tree with replicas of a part of the tree at each site, with 
> the Samba domain for each site being stored in each branch of the tree. 
> Users at each site will not be allowed access to resources at any other 
> site. 
> Alternatively, is it possible to host a single domain with read only 
> replicas of the subtrees in each of the relevant locations? User admin 
> will be done centrally. 
> Site 1
> o=site1,dc=company,dc=uk
> Site 2
> o=site2,dc=company,dc=uk
> If the above scenario is implemented, will the Samba BDC in each site only 
> be able to see the users in its own subtree (as defined in the smb.conf) 
> or is this going to cause lots of problems? 

Both solutions are possible, but I prefer the single domain solution. 
My feeling is that splitting up domains is not something you should do,
if you don't *really* need to do it.  People move around - laptops walk
between sites, administrators admin all the domains.

Read-only replicas at each site will work fine, and Samba will contact
the master server for writes.

Andrew Bartlett

Andrew Bartlett                                 abartlet at
Manager, Authentication Subsystems, Samba Team  abartlet at
Student Network Administrator, Hawker College   abartlet at

More information about the samba-technical mailing list