Oliver Liebel oliver at
Fri Aug 8 08:38:54 GMT 2008

my proposal:
in this early test-stage (unencrypted sync)
we could set up three (ssha-crypted) rootpws for the corresponding
subcontexts: schema, config, user in slapd.conf
so we dont need the samba-admin for replication purposes.
in a later stage (e.g. using sasl-bind with TLS/External)  the
cert-dn can be mapped by authz-regexp to the account we want/need.


Andrew Bartlett schrieb:
> On Fri, 2008-08-08 at 10:10 +0200, Oliver Liebel wrote:
>> hi andrew,
>> should we use cn=samba-admin,cn=samba as replication account, or a 
>> separate one?
>> a separate one with ro-privileges sounds better to me...
> Well, MMR implies read-write privileges, but yes, I would like a
> different replication account (for debugging as much as anything).
> Andrew Bartlett

Virus checked by G DATA AntiVirusKit
Version: AVK 18.4824 from 08.08.2008
Virus news:

More information about the samba-technical mailing list