samba4-ol-mmr

Oliver Liebel oliver at itc.li
Fri Aug 8 08:38:54 GMT 2008


my proposal:
in this early test-stage (unencrypted sync)
we could set up three (ssha-crypted) rootpws for the corresponding
subcontexts: schema, config, user in slapd.conf
so we dont need the samba-admin for replication purposes.
in a later stage (e.g. using sasl-bind with TLS/External)  the
cert-dn can be mapped by authz-regexp to the account we want/need.

oliver


Andrew Bartlett schrieb:
> On Fri, 2008-08-08 at 10:10 +0200, Oliver Liebel wrote:
>   
>> hi andrew,
>>
>> should we use cn=samba-admin,cn=samba as replication account, or a 
>> separate one?
>> a separate one with ro-privileges sounds better to me...
>>     
>
> Well, MMR implies read-write privileges, but yes, I would like a
> different replication account (for debugging as much as anything).
>
> Andrew Bartlett
>
>   

____________
Virus checked by G DATA AntiVirusKit
Version: AVK 18.4824 from 08.08.2008
Virus news: www.antiviruslab.com




More information about the samba-technical mailing list