Hi,

just three simple questions about samba+LDAP:

Samba allows one to configure several LDAP suffixes,

    ldap group suffix
    ldap idmap suffix
    ldap machine suffix
    ldap user suffix

and the general ldap base with ldap suffix.

But is there a way to configure a suffix for the sambaDomain objects? When I call pdbedit -L, it automatically creates a Domain for the machine, but directly under the ldap base, which is a little bit annoying; I would like to have them in a subtree with ou=...

Interestingly, the LDAP administration tool ldap-account-manager does keep the sambaDomains in a subtree separated with ou=..., but samba does not accept them.

Second question:

Does pdbedit always create (and does samba always use) a sambaDomain object named after the netbios name?

Third question:

The configuration file for the smbldap tools allows one to specify a slave LDAP just for the read access, and a master for write access, thus supporting LDAP replications.

Does ldapsam support the same?

regards
Hadmut
>
> Third question:
>
> The configuration file for the smbldap tools allows one to
> specify a slave LDAP just for the read access, and a master
> for write access, thus supporting LDAP replications.
>
> Does ldapsam support the same?
>
> regards
> Hadmut

Hi Hadmut,

I can at least help you with this one. The answer is definitely yes. I have my smb.conf set up like the following:

    passdb backend = "ldapsam:ldaps://192.168.2.2 ldaps://192.168.2.3"

Just separate the backup servers by spaces, and put the whole thing in quotes and you should be good to go!

Hopefully that helps...

-Matt
Hi Matt,

On Wed, Aug 08, 2007 at 06:20:42PM +0000, Matt Anderson wrote:
> passdb backend = "ldapsam:ldaps://192.168.2.2 ldaps://192.168.2.3"

Well, I had already tried this (replication first, master second) but got an error message about missing write access.

The problem seems to be that samba (in contrast to smbldap tools) does not distinguish between read and write access, but always tries the first one first and only if it does not exist the second one.

regards
Hadmut