Sharing a 'System Read Access' LDB handle in Samba4

Andrew Bartlett abartlet at
Thu Jun 19 06:35:33 GMT 2008

On Wed, 2008-06-18 at 23:29 -0700, Luke Howard wrote:
> > I suppose the depends if these are held in the main DB.  I was under  
> > the
> > impression that to avoid massive replication pressure, that these  
> > audit
> > logs were stored elsewhere, and the only thing to update would be the
> > 'week of last logon' timestamp (from memory).
> lastLogon was non-replicated, but lastLogonTimestamp (introduced in  
> W2K3) is. Also account lockout-related attributes would need to be  
> replicated too? I'm a bit hazy on this, I seem to remember that  
> lockout attempts were per-DC but presumably once the account is  
> actually locked out, this is replicated to all DCs.

Yeah, I was going to open a read-write DB at that point (to avoid doing
writes and transactions on the shared LDB handle). 

Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team 
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list