[Samba] Idealx programs and ldap backend

[Adrian Chow]

Hi,

I got the following setup.

I got a openLDAP server.  This server is the master server for LDAP 
functions.  I named this ldapsrv.
I got a samba server with openLDAP install on it as well.  This LDAP 
server is the slave to ldapsrv.  I named this sambasrv.

The sambasrv  currently have the following setup in /etc/smb.conf:-
passdb backend = ldapsam:ldap://ldapsrv.domain
idmap backend = ldap://ldapsrv.domain
add user script = /var/lib/samba/sbin/smbldap-useradd.pl -a -m '%u'
delete user script = /var/lib/samba/sbin/smbldap-userdel.pl '%u'
add group script = /var/lib/samba/sbin/smbldap-groupadd.pl -p '%g'
delete group script = /var/lib/samba/sbin/smbldap-groupdel.pl '%g'
add user to group script = /var/lib/samba/sbin/smbldap-groupmod.pl -m 
'%u' '%g'
delete user from group script = /var/lib/samba/sbin/smbldap-groupmod.pl 
-x '%u' '%g'
set primary group script = /var/lib/samba/sbin/smbldap-usermod.pl -g 
'%g' '%u'
add machine script = /var/lib/samba/sbin/smbldap-useradd.pl -w '%u'
shutdown script = /var/lib/samba/scripts/shutdown.sh

I want to use sambasrv's openldap directory to read off the passwords 
instead of reading it off the network from ldapsrv.  Note that all 
changes have to be done on ldapsrv in order to be propogated to 
sambasrv.  Will I have any issues if I shift the 'passdb backend' and 
'idmap backend' to point to ldapsrv?

Can i do the above with the smbldap_conf.pm file untouched?  The 
smbldap_conf.pm files currently point to ldapsrv as the changes will 
need to be done on it.

The reason I asked is that during clients authentication or connecting 
to the sambasrv, will it modify the ldap entries since smb.conf will 
point to sambasrv which is the slave LDAP.  I think all changes need to 
start from ldapsrv.

Any feedback will be great.

Thanks.

adrian
email : achow at uwcsea.edu.sg