[Samba] samba+ldap two domains db sync?

Larry Velez larry at sinu.com
Wed Jan 13 08:51:37 MST 2010


I am curious if you think an extension of this idea might work to centrally control and manage many domains?

Mothership LDAP [Hosted Highly Redundant setup]
- Domain 1 (SyncRepl only portion of LDAP)
- Domain 2 (SyncRepl only portion of LDAP)
- Domain 26 (SyncRepl only portion of LDAP)

Ideally each local subnet might also be VPNed up to the mothership so that local machines could still authenticate (slowly) if the local PDC were unavailable.  Long term each domain would be Samba4 based and fully AD ready.

Would love to discuss this idea with someone familiar with multi-domain setups like this.



-----Original Message-----
From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On Behalf Of Rob Shinn
Sent: Monday, January 11, 2010 9:33 AM
To: Alberto Moreno
Cc: samba at lists.samba.org
Subject: Re: [Samba] samba+ldap two domains db sync?

Alberto Moreno wrote:
> Is it possible to sync both ldap servers every time I change something
> in ldap? or a better way to do it?
You could probably do this with OpenLDAP's syncrepl replication
facility.  You may also wish to consider combining everything into one
LDAP database, containing two different Samba domains, with a common OU
for user accounts.  You could keep the LDAP servers as they are, just
set up one as a secondary LDAP server using syncrepl.  That would have
the advantage of centralizing everything and easing user administration,
since users created in one domain would automatically be included in both.

Without knowing the specifics, however, it's hard to say which way
would be best.
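
The per-domain partial replication discussed in this thread, sketched as an added slapd.conf example that is not part of the original messages: the central provider gives each domain its own replication identity confined to that domain's subtree, and each site's consumer pulls only that subtree over TLS. The DIT layout, DNs, host name, rid, file path and credential are constructed placeholders.

```conf
# Constructed example: every DN, host, path and secret is a placeholder.

# --- Provider ("mothership"), inside its database section ---
overlay syncprov
syncprov-checkpoint 100 10

# One replication identity per domain, with read access to its own
# subtree only. Put these ahead of the site's other ACLs: slapd stops at
# the first matching "access to" clause, and "by * break" hands everyone
# else on to the rules that follow.
access to dn.subtree="ou=domain1,dc=example,dc=com"
    by dn.exact="cn=repl-domain1,ou=replicators,dc=example,dc=com" read
    by * break
access to dn.subtree="ou=domain2,dc=example,dc=com"
    by dn.exact="cn=repl-domain2,ou=replicators,dc=example,dc=com" read
    by * break

# Let the replication identities fetch complete result sets.
limits dn.exact="cn=repl-domain1,ou=replicators,dc=example,dc=com" size=unlimited time=unlimited
limits dn.exact="cn=repl-domain2,ou=replicators,dc=example,dc=com" size=unlimited time=unlimited

# --- Consumer at the Domain 1 site, inside its database section ---
suffix "ou=domain1,dc=example,dc=com"

syncrepl rid=101
    provider=ldaps://mothership.example.com
    type=refreshAndPersist
    retry="30 10 300 +"
    searchbase="ou=domain1,dc=example,dc=com"
    scope=sub
    bindmethod=simple
    binddn="cn=repl-domain1,ou=replicators,dc=example,dc=com"
    credentials=REPLACE_WITH_SECRET
    tls_cacert=/etc/openldap/certs/mothership-ca.pem
    tls_reqcert=demand
```

Because each consumer stores the Samba password hashes (sambaNTPassword) for every account it replicates, scoping both the ACL and the searchbase to one subtree limits what a single site's server holds to that domain's accounts.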
