[Samba] Re: some question about BDCs

jamrock news_jamrock at yahoo.com
Sun Apr 26 13:31:22 GMT 2009


> So, when I have SaMBa PDC (with master LDAP) and BDC (with slave LDAP), can
> BDC update machine and/or user information or not? As I understood, only the
> LDAP solution is suitable for a PDC-BDC setup, because "domain member
> servers and workstations periodically change the Machine Trust Account
> password", so BDC has to update some data.
> As I understood, BDC can change at least Machine Trust Account passwords.

Here is my understanding of the situation.

Samba does not manage replication.  Replication is managed by the LDAP
software that is used with Samba.

The rules governing replication are the same rules that apply to any other
LDAP database.

If you set up master/slave replication on OpenLDAP, requests sent to the BDC
to update records will be redirected to the master LDAP server.  When the
master server has been updated, the changes will be propagated to the slave
LDAP server.  The process is no different from any other OpenLDAP database.

> Additional question: can a user change his/her login password, when he/she
> connected to the BDC (in case PDC is available and in case PDC is
> temporarily unavailable)? I read in TOSHARG2 too that in the BDC's smb.conf,
> I don't need user/group modification scripts, so I guess, I cannot
> add/modify them from the BDC.

You do not need the user/group modification scripts on a BDC because the
slave LDAP server does not update the database.

The rules governing multi-master replication will depend on the rules
governing multi-master replication for the LDAP software you implement.
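
The master/slave arrangement described in the reply above, sketched as an added configuration example for an OpenLDAP 2.4 slave (consumer); it is not part of the original message or of the Samba documentation. The host name, suffix, DNs, directory path and credential are constructed placeholders.

```conf
# slapd.conf on the slave LDAP server that the BDC queries (added example).
# All names below are placeholders, not values from the thread.

database        bdb
suffix          "dc=example,dc=org"
rootdn          "cn=Manager,dc=example,dc=org"
directory       /var/lib/ldap

# Pull changes from the master. The replicated entries include the
# sambaNTPassword / sambaLMPassword hashes, so require TLS on the
# replication link and bind as a dedicated read-only replication account.
syncrepl rid=001
         provider=ldap://ldap-master.example.org
         type=refreshAndPersist
         searchbase="dc=example,dc=org"
         bindmethod=simple
         binddn="cn=replicator,dc=example,dc=org"
         credentials=REPLACE_ME
         starttls=critical
         retry="60 +"

# The slave does not accept writes itself. A client that sends an update
# (for example a machine trust account password change arriving via the
# BDC) is handed this referral to the master instead.
updateref       ldap://ldap-master.example.org
```

With this layout a write only succeeds while the master is reachable; the slave keeps answering reads and authentications from its replicated copy.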




