[Samba] [EXPERIENCES] with OpenLDAP and Samba and Redundancy ??? [SOLVED]

Michael Gasch gasch at eva.mpg.de
Tue Jun 22 06:06:51 GMT 2004

okay, this is what i did after your recommendations:

PDC owns/hosts LDAP MASTER
BDC owns/hosts LDAP SLAVE

created manager account for SAMBA (uid=sambamanager) - all changes on 
MASTER are done under this identity
cn=manager is used very seldom just for administrative tasks on the 
directory (like replication)

slurpd is responsible for replication to slave
changes are done only on MASTER

if one of the LDAP SERVERs dies, samba processes and NSS are configured 
to fall back to another one
samba redundancy is done by PDC/BDC processes

ACLs on SLAVE deny changes by uid=sambamanager
only cn=manager can write

by this way, no SAMBA/NSS process can change the SLAVE directory if 
MASTER is dead
this doesn't solve the problem of changing machine account passwords but 
ensures a consistent directory

thanks to all for pointing me to the right direction


          "Matrix - more than a vision"

                  Michael Gasch

            - Central IT Department -

Max Planck Institute for Evolutionary Anthropology
Deutscher Platz 6
04103 Leipzig
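
A sketch of the slave-side slapd.conf that matches the setup described in the post above. This is an added example, not configuration from the original message. The suffix dc=example,dc=org, the host name pdc.example.org and the ou=people location of uid=sambamanager are placeholders, and read access to the Samba hashes for uid=sambamanager is an assumption about what the BDC needs.

```conf
# slapd.conf on the SLAVE (BDC host) -- constructed example for
# OpenLDAP 2.x with slurpd replication; all DNs and hosts are placeholders.

database        bdb
suffix          "dc=example,dc=org"

# slurpd on the MASTER binds with this DN to push replicated changes.
# It must match binddn= in the master's "replica" directive.
updatedn        "cn=manager,dc=example,dc=org"

# Any other client that attempts a write is referred to the MASTER
# instead of being allowed to modify the replica.
updateref       ldap://pdc.example.org

# Password hashes: only the replication identity may write.
# uid=sambamanager gets read access (assumed: smbd on the BDC binds
# with this DN to authenticate users); everyone else may only bind.
# Older slapd releases spell the selector "attr=" instead of "attrs=".
access to attrs=userPassword,sambaNTPassword,sambaLMPassword
        by dn.exact="cn=manager,dc=example,dc=org" write
        by dn.exact="uid=sambamanager,ou=people,dc=example,dc=org" read
        by anonymous auth
        by * none

# Everything else: writable only by the replication identity.
# uid=sambamanager falls under "by * read", so no Samba or NSS
# process can change the SLAVE while the MASTER is down.
access to *
        by dn.exact="cn=manager,dc=example,dc=org" write
        by * read
```

A write attempted against the slave as uid=sambamanager (for example with ldapmodify) should come back as a referral or an insufficient-access error, which is a quick way to confirm the replica cannot diverge from the master.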

