backend provision samba4-ol-multimaster

Oliver Liebel oliver at
Fri Sep 5 08:37:15 GMT 2008

hi andrew,

i checked the latest version from git.
there is still an (invisible) typo in setup/mmr_syncrepl.conf (a tab in the
last line), which must be removed. else we catch a "bad config" error when
starting slapd with mmr-config.
another point -maybe just cosmetic-: i think the rids are looking better and
are easier to read when we use a 3-value integer, as you mentioned the
first time.
e.g.  rid=serverid*100  instead of ...*10

i tried several setups to test the cn=samba replication, which can surely
be done the easiest way by adding the following acl:
access to dn.subtree="cn=samba"
       by dn=cn=samba-admin,cn=samba read
       by anonymous auth

as i understand it, the cn=samba-admin should not be created on
all other dcs, except on the first one, and will then be replicated to 
the others.
if this is so, we must add a setup-directive to prevent the creation
of this object during setup of the "secondary" dcs.

but i think to move away from the cleartext-passwords and
get the replication of subcontexts done in a clean way,
we should create a separate account (e.g. cn=replicator,cn=samba)
that is mapped by authz-regexp and has ro-access to all subcontexts.
i would prefer to use syncrepl with saslmech GSSAPI (and authcid), but
in this case we would need a principal for that object.

would that be okay for you? and if yes, where should we start?


Andrew Bartlett wrote:
> On Wed, 2008-08-27 at 10:51 +0200, Oliver Liebel wrote:
>> sorry, had a busy last week. i continue my
>> work on the next patches today.
> No worries, I just wanted to keep in touch.
> Andrew Bartlett
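
A lint check for the three points raised in the message above (the invisible whitespace-only line, the rid format, and the cleartext replication password), as an added example that is not part of the original mail or of the Samba tree. The function name lint_syncrepl, the host name and the stanza in SAMPLE are constructed for illustration; the three-digit limit on rid is the one documented in slapd.conf(5).

```python
import re

# Constructed sample in the style of a syncrepl stanza; this is not the
# project's setup/mmr_syncrepl.conf. The last line holds a single tab.
SAMPLE = (
    'syncrepl rid=1001\n'
    '\tprovider=ldap://dc2.example.test\n'
    '\tsearchbase="cn=samba"\n'
    '\tbindmethod=simple\n'
    '\tbinddn="cn=samba-admin,cn=samba"\n'
    '\tcredentials=CONSTRUCTED-SECRET\n'
    '\ttype=refreshAndPersist\n'
    '\t\n'
)


def lint_syncrepl(text):
    """Return (line_number, message) findings for a slapd.conf fragment."""
    findings = []
    for no, line in enumerate(text.split("\n"), start=1):
        # Whitespace-only line: looks empty in an editor, but is not.
        if line and not line.strip():
            findings.append((no, "whitespace-only line"))
            continue
        # slapd.conf(5): rid has no more than three decimal digits.
        m = re.search(r"\brid=(\d+)", line)
        if m and len(m.group(1)) > 3:
            findings.append(
                (no, "rid %s has more than three digits" % m.group(1)))
        # A simple bind keeps the replication password in the config file.
        if re.match(r"\s*credentials=", line):
            findings.append((no, "cleartext credentials in config"))
    return findings


if __name__ == "__main__":
    for no, msg in lint_syncrepl(SAMPLE):
        print("line %d: %s" % (no, msg))
```

Running it over a generated config before starting slapd reports the line number of each finding, which is the quickest way to locate a character that no editor shows.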

