Hosting a large number of domains in a single LDAP tree

Tue Feb 24 21:03:59 GMT 2004

On Wed, 2004-02-25 at 00:04, Nicholas Drouet wrote:
> I'm after some advice on how Samba would cope in the following scenario.
> 
> A large number of remote sites, each with a fairly large (~500-1000) 
> amount of users with a Samba 3 PDC at each site. It's planned to have a 
> central LDAP tree with replicas of a part of the tree at each site, with 
> the Samba domain for each site being stored in each branch of the tree. 
> Users at each site will not be allowed access to resources at any other 
> site. 
> 
> Alternatively, is it possible to host a single domain with read only 
> replicas of the subtrees in each of the relevant locations? User admin 
> will be done centrally. 
> 
> Site 1
> o=site1,dc=company,dc=uk
> 
> Site 2
> o=site2,dc=company,dc=uk
> 
> If the above scenario is implemented, will the Samba BDC in each site only 
> be able to see the users in its own subtree (as defined in the smb.conf) 
> or is this going to cause lots of problems? 

Both solutions are possible, but I prefer the single domain solution. 
My feeling is that splitting up domains is not something you should do,
if you don't *really* need to do it.  People move around - laptops walk
between sites, administrators admin all the domains.

Read-only replicas at each site will work fine, and Samba will contact
the master server for writes.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20040225/88747186/attachment.bin