[Samba] Samba PDC in many branch offices + one LDAP database -how to change passwords?

Gustavo Lima listas at opendf.com.br
Thu Oct 28 15:48:04 GMT 2004

        As far as I know there´s a command used in smb.conf that makes a 
samba BDC redirect changes to the master LDAP. I never used it before but 
should work.

ldap replication sleep (G)
    When  Samba  is  asked  to  write  to a read-only LDAP replica, we are 
redirected to talk to the read-write master server. This server then 
replicates our changes back to the 'local' server, however  the  replication 
might  take some  seconds,  especially  over slow links. Certain client 
activities, particularly domain joins, can become confused by the 'success' 
that does not immediately change the LDAP back-end's data.

     This option simply causes Samba to wait a short time, to allow the LDAP 
server to catch up. If you have a particularly  high-latency network,  you 
may wish to time the LDAP replication with a network sniffer, and increase 
this value accordingly. Be aware that no checking is performed that the data 
has actually replicated.

      The value is specified in milliseconds, the maximum value is 5000 (5 

      Default: ldap replication sleep = 1000

----- Original Message ----- 
From: "Adam Tauno Williams" <adam at morrison-ind.com>
To: "Tomasz Chmielewski" <mangoo at interia.pl>
Cc: <samba at lists.samba.org>
Sent: Thursday, October 28, 2004 1:50 PM
Subject: Re: [Samba] Samba PDC in many branch offices + one LDAP 
database -how to change passwords?

>> >> As it is relatively easy to have one LDAP database across all office
>> >> branches, I don't know how to make Samba 3 to read/retrieve
>> >> usernames/passwords from local OpenLDAP slave, but to write added
>> >> machines/changed passwords to the master OpenLDAP server (which would
>> >> then replicate the changes to all its slaves).
>> > If you have the smbldap-tools configured properly with the right master
>> > and slave set, then adding machines is not a problem.  Changing
>> > passwords is also not a problem provided you have LDAP referrals set up
>> > properly.  Setting up referrals is really more of a question for the
>> > openldap folks, and probably covered in the setup guide at openldap.
>> Heh, ask at OpenLDAp group, they point you to Samba group; ask at Samba
>> group, they point you back to OpenLDAP :)
> Just to clarify, mostly for the archives:  Setting up referrals is NIETHER 
> a
> Samba OR OpenLDAP question.  It is an LDAP issue,  referrals are a 
> standard LDAP
> thing, supported by every decent DSA.  The OpenLDAP lists are for 
> questions
> SPECIFICALLY for OpenLDAP related issues,  referrals would not be such an 
> issue.
> *ANY* decent LDAP text will cover referrals, and questions about referrals
> would be appropriate to the ldap at umich.edu list (generic LDAP 
> discussion) - but
> again, they are a well documented standard type of thing.
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list