[Samba] Copy *just* user accounts from LDAP?
Marc.Muehlfeld at medizinische-genetik.de
Mon Jun 22 13:32:25 GMT 2009
johnh at primebuchholz.com schrieb:
> What I'd like to do is set up a new Samba domain on the off-site server so
> users can log into it for disaster recovery purposes - and I'd like to
> keep the user account information synchronized with the main server so
> user's passwords are the same, etc. - while leaving behind workstation
> accounts, etc.
Why you don't want to sync the machine accounts? The workstations wouldn't be
allowed to logon to the domain, if the machine account passwort differs. And
doesn't you require the ldap groups too for managing access?
> Does anyone have any ideas on how best to approach this? I guess what I'm
> asking is, I'm OK with slapcat/slapadd'ing periodically from the main
> server to the off-site server, but does anyone have ideas for how to
> filter just the user accounts into the LDIF?
Instead of export/transfer/delete-ldap/import, I would use the openldap
replication functions. If you really don't want to have access to
groups/machine account OU, you can define a ACL in your slave server, that
denies access to that branches.
More information about the samba