[Samba] [EXPERIENCES] with OpenLDAP and Samba and Redundancy ???

McKeever Chris tech-mail at prupref.com
Sat Jun 19 00:02:24 GMT 2004 


On Fri, 18 Jun 2004 16:08 , Michael Gasch <gasch at eva.mpg.de> sent:

>
>> maybe I am missing something here - but why does your master ldap fail so often?  
>it doesn't - i'm just building the worst case szenario =)
>
>>I agree with the other poster, the slave LDAPS should be 
>> (and I would almost move to _need_ to be) read only .. 
>and now tell me please how the master can replicate his LDAP tree to the 
>slave to get a 1:1 copy and a backup of my LDAP tree, if it's readonly 
>?!?!?!

becuase you configure your slave to accept changes that are pushed from the master .

>
>>I am also curious as to why you have a samba server contacting either the PDC/BDC 
>> ldap servers when it could just be running a replicated LDAP DB itself...which is how all the docs say to do it - maybe this is something new 
with 
>> 3.xx - not sure, but it alwyas seemed more logical to have all your samba boxes be thier own DC in terms of login/user information
>if each smbd has it's own ldap instance running (DMs too), i have to 
>ensure, that all LDAP instances have the same information

this is the main point of ldap replication - they do all have the same info - and why you make the slaves readonly


>before i can't solve the replication problem (MASTER=dead, changes are 
>made to SLAVE, MASTER comes back => inconsistency in LDAP trees) in case 
>of the MASTER dies and information has to be written to one of the 
>SLAVEs, i won't give each smbd his own passdb backend
>
>it's my plan to have one PDC, one BDC, x DMs and one LDAP instance on 
>both DCs
>
>> If your master does fail - and I mean dead, need to rebuild, etc..I would make one of the slaves the write/master get the original MASTER 
>> back on line, but not in production until you can do a slapcat of the LDAP to it, change the everything back to what it needs to be, and 
have 
>> your system running again....
>this is my temporary solution
>
>
>bye

-------------------------------------------
Chris McKeever
If you want to reply directly to me, please use cgmckeever--at--prupref.com
<A href="http://www.prupref.com">Prudential</A><A href="http://www.prupref.com">Chicago Real Estate</A>
>



---- Prudential Preferred Properties   www.prupref.com
Success Driven By Results
   Results Driven By Commitment
      Commitment Driven By Integrity
         We Are Prudential Preferred Properties
               

More information about the samba mailing list