oliver at itc.li
Fri Aug 8 08:38:54 GMT 2008
in this early test-stage (unencrypted sync)
we could set up three (ssha-crypted) rootpws for the corresponding
subcontexts: schema, config, user in slapd.conf
so we dont need the samba-admin for replication purposes.
in a later stage (e.g. using sasl-bind with TLS/External) the
cert-dn can be mapped by authz-regexp to the account we want/need.
Andrew Bartlett schrieb:
> On Fri, 2008-08-08 at 10:10 +0200, Oliver Liebel wrote:
>> hi andrew,
>> should we use cn=samba-admin,cn=samba as replication account, or a
>> separate one?
>> a separate one with ro-privileges sounds better to me...
> Well, MMR implies read-write privileges, but yes, I would like a
> different replication account (for debugging as much as anything).
> Andrew Bartlett
Virus checked by G DATA AntiVirusKit
Version: AVK 18.4824 from 08.08.2008
Virus news: www.antiviruslab.com
More information about the samba-technical