[Samba] machine accounts and ldap?
dm at belkam.com
Mon May 6 03:44:02 GMT 2002
Thomas Stegbauer wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> Dmitry Melekhov wrote:
> | Hello!
> | How to add computers into domains if I have several domains and several
> | ldap servers (one is master, other are slaves), each server on domain
> | controller?
> | As I understand samba can't go to master ldap server for doing updates
> | like adding
> | accounts or change passwords? :-(
> in my opinion you have two choices:
> 1. (if i understand correctly: each samba is a domaincontroller for a
> own domain?
Yes, you are right.
> you make ou's in ldap an let go the samba server to the ou. than each
> ldapserver is master for the ou.
> 2. you let access all sambaserver only the master server. and for other
> things (like pam_ldap or nss_ldap) the localserver.
Sorry, this is not good decigion.
> idea to the developer: maybe the eases would to define two ldapserver?
> one for write and on for search?
> 3. also an idea, maybe it's already solved? when working with a sasl
> bind the backup-ldapserver should be able to give a update-reference
> back, which is saying: stop, please update this leave on that server.
As I see samba uses simple bind and has no support for sasl bind.
May be there is another decigion?
For instance, to have parameter for choose master ldap server?
More information about the samba