[Samba] samba PDC and BDC with ldap master and slave backend

Andrew Bartlett abartlet at samba.org
Sun Feb 8 21:35:52 GMT 2004


On Mon, 2004-02-09 at 07:35, Jérôme Tournier wrote:
> Hi all !
> In the samba-Howto, I was looking for information on how to set up
> both a samba PDC and a samba BDC controller with ldap backend.
> I can read:
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> Do not install a Samba PDC on a OpenLDAP slave server...
> Possible PDC/BDC plus LDAP configurations include:
> . PDC -> LDAP master server, BDC -> LDAP slave server.

I have removed this comment.  With the addition of the 'ldap replication
sleep' parameter, this can be made to work quite well.

> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> 
> And now I am wondering about these questions:
> . if the samba BDC contains the following configuration
>   => passdb backend = ldapsam:"ldap://slave.quenya.org ldap://master.quenya.org"
>   will samba store information in the master ldap server or will it fail?

This will work fine.  Samba will talk to the master for updates.  Set
'ldap replication sleep' to the amount of time you expect the slave to
take to catch up to reality.  (Oh, and I know that's dodgy, but better
ideas haven't yet been implemented).

>   Or is it necessary to put the master ldap server first like this:
>   => passdb backend = ldapsam:"ldap://master.quenya.org ldap://slave.quenya.org"
> . can I install a samba BDC with a ldap slave server? Yes, you will answer me,
>   but in the case where the master ldap server is unreachable, where will
>   the samba BDC store new information (Machine Trust Account passwords,
>   for example, which are periodically changed)?

In the configuration, if the master cannot be reached, the slave will be
contacted as a read-only backup.  Updates will fail.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
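
An smb.conf fragment for the BDC arrangement discussed in this thread, as an added example that is not part of the original message or of the Samba documentation. The LDAP suffix and admin DN are assumed values, and the sleep value is illustrative only.

```ini
[global]
    # BDC role: answer domain logons, leave the domain master role to the PDC
    domain logons = yes
    domain master = no

    # Server order taken from the question in this thread: slave first, then master
    passdb backend = ldapsam:"ldap://slave.quenya.org ldap://master.quenya.org"

    # Assumed directory layout (not given in the thread)
    ldap suffix = dc=quenya,dc=org
    ldap admin dn = cn=samba,dc=quenya,dc=org

    # Milliseconds Samba waits after an update so the slave can catch up
    # before the entry is read back; size it to the observed replication lag
    ldap replication sleep = 2000
```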