[Samba] Samba Standalone Server LDAP Issue

Gaiseric Vandal gaiseric.vandal at gmail.com
Mon Apr 16 14:37:41 MDT 2012

Does your smb.conf file only point to the local read-only server?   
Does the read-only LDAP server redirect the samba  to the write-only
LDAP server?  Or is the samba server configure for to try both LDAP

Can you show the ldap section of your smb.conf file ? 

If I understand correctly, your local site has both a read-only LDAP
server and a write-only LDAP server?

Is it trying to modify "sambaDomainName=KAIRO,l=Kairo,dc=org,o=ABC]"
itself?     Or is this triggered by things like user's changing passwords?

What are you using for an LDAP server?   If your central office LDAP
server has data for multiple offices, I understand why they want to make
sure that one remote office cannot make changes that would cause
problems for every other remote office.

I think with access control entries in LDAP you could still have a
read-write server in your office that sync's with the server in the
central office.   ACL's would restrict access to the "Kairo" branch of
the tree so that your server could make changes to its own branch.

Alternately, you could make your LDAP server the primary "Kairo"
server.  On the the central server,the "kairo" branch would merely be a
referal entry.      This means though that the central office looses
control for any backups or changes.

On 04/16/12 15:55, Michael Arndt wrote:
> r LDAP Issue
> Date: Mo 16 Apr 2012 21:45:47 CEST
> From: Gaiseric Vandal<gaiseric.vandal at gmail.com>
> To: samba at lists.samba.org
> Why is the LDAP server write-only?
> its the customers setup, they have world wide locations in many countries and a central write
> ldap and decentral read only slaves
> Unfortunately as part of their legacy samba setup there was made use of the fact that a patch of Idealx
> that is now not anymore availeable in the web probabably was SuSE Builtin
> An actual samba uses first the read ldap, is sent to the master for a write
> and never comes back to the read ldap
> only solutions i can see for a fast resolution
> -convince customer to make local ldap write ldap
>  ( very improbable due to internal customer issues )
> -try to recompile an legacy SuSE SRC rpm ( yes i know, but they need to acess a big storage
>  and thats not really working with the actual slowdown
> -try to identify the patch sources in "SuSE build code" and port to "redhat samba build"
> i can yee no "ldap way of resolution" except your proposal: why write onyl
> but customer actually can not follow this advice
> Micha

More information about the samba mailing list