backend provision samba4-ol-multimaster
Oliver Liebel
oliver at itc.li
Fri Sep 5 08:37:15 GMT 2008
hi andrew,
i checked the latest version from git.
there is still an (invisible) typo in setup/mmr_syncrepl.conf (tabulator
in the last line),
which must be removed. else we catch an "bad config"-error when starting
slapd with mmr-config.
another point -maybe just cosmetic- : i think the rids are looking
better and
are easier to read when, we use a 3-value integer, as you mentioned the
first time.
e.g. rid=serverid*100 instead of ...*10
i tried several setups to test the cn=samba replication, which can
surely be done the easiest way
by adding the following acl:
access to dn.subtree="cn=samba"
by dn=cn=samba-admin,cn=samba read
by anonymous auth
as i understand it, the cn=samba-admin should not be created on
all other dcs, except on the first one, and will then be replicated to
the others.
if this is so, we must add a setup-directive to prevent the creation
of this object during setup of the "secondary" dcs.
but i think to move away from the cleartext-passwords and
get the replication of subcontexts done in a clean way,
we should create a separate account (e.g. cn=replicator,cn=samba)
that is mapped bei authz-regexp and has ro-access to all subcontexts.
i would prefer to use syncrepl with saslmech GSSAPI (and authcid), but
in this case we would need a principal for that object.
would that be okay for you? and if yes, where should we start?
greetings,
oliver
Andrew Bartlett schrieb:
> On Wed, 2008-08-27 at 10:51 +0200, Oliver Liebel wrote:
>
>
>
>> sorry, had a busy last week. i continue my
>> work on the next patches today.
>>
>
> No worries, I just wanted to keep in touch.
>
> Andrew Bartlett
>
>
____________
Virus checked by G DATA AntiVirusKit
Version: AVK 19.319 from 05.09.2008
Virus news: www.antiviruslab.com
More information about the samba-technical
mailing list