[Samba] [EXPERIENCES] with OpenLDAP and Samba and Redundancy ??? [SOLVED]
Michael Gasch
gasch at eva.mpg.de
Tue Jun 22 06:06:51 GMT 2004
okay, this is what i did after your recommendations:
PDC owns/hosts LDAP MASTER
BDC owns/hosts LDAP SLAVE
created manager account for SAMBA (uid=sambamanager) - all changes on
MASTER are done under this identity
cn=manager is used very seldom just for administrative tasks on the
directory (like replication)
slurpd is responsible for replication to slave
changes are done only on MASTER
if one of the LDAP SERVERs dies, samba processes and NSS are configured
to fall back to another one
samba redundancy is done by PDC/BDC processes
ACLs on SLAVE deny changes by uid=sambamanager
only cn=manager can write
by this way, no SAMBA/NSS process can change the SLAVE directory if
MASTER is dead
this doesn't solve the problem of changing machine account passwords but
ensures a consistent directory
thanks to all for pointing me to the right direction
greez
--
"Matrix - more than a vision"
**************************************************
Michael Gasch
- Central IT Department -
Max Planck Institute for Evolutionary Anthropology
Deutscher Platz 6
04103 Leipzig
Germany
**************************************************
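
An added illustration of the SLAVE-side access rules described in the message above; it is not the poster's actual configuration. The suffix `dc=example,dc=org`, the placement of both accounts directly under it, the host name `pdc.example.org` and the `bdb` backend are assumptions, and the syntax is that of slurpd-era OpenLDAP 2.2.

```conf
# slapd.conf fragment for the SLAVE (constructed example, assumed names throughout)

database        bdb
suffix          "dc=example,dc=org"

# slurpd on the MASTER binds with this DN to push changes to the replica.
# The DN must also be granted write access by the ACLs below.
updatedn        "cn=manager,dc=example,dc=org"

# Clients that attempt a write here are referred to the MASTER instead.
updateref       ldap://pdc.example.org

# Password attributes: the Samba account may read them so the BDC can
# authenticate users while the MASTER is down, but it may not change them.
# "by anonymous auth" is what allows simple binds against userPassword.
access to attrs=userPassword,sambaNTPassword,sambaLMPassword
        by dn.exact="cn=manager,dc=example,dc=org" write
        by dn.exact="uid=sambamanager,dc=example,dc=org" read
        by anonymous auth
        by * none

# Everything else: read-only for the Samba account and all other clients.
# Only cn=manager (the replication identity) can write on the SLAVE.
access to *
        by dn.exact="cn=manager,dc=example,dc=org" write
        by dn.exact="uid=sambamanager,dc=example,dc=org" read
        by * read
```

On the MASTER the same two rules would give `uid=sambamanager` `write` instead of `read`, so the difference between the two servers is confined to that one access level.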