Hi all,
I'm setting up a number of samba DC's across several branch offices
using the Samba 3.0.0 release's native LDAP support. I'd like to build
some redundancy into my setup, such as having slave LDAP servers in case
the master is down/unavailable. However, when I have multiple ldapsam
entries in my smb.conf I get duplicate or triplicate users listed when
performing a /usr/local/samba/bin/pdbedit -L, and all 2 or 3 LDAP
servers get queried no matter what. Is there anyway to list multiple
backup LDAP servers instead of just having overlapping SAMs?
Also, there will be some remote offices connected via relatively
high-latency WAN links to the master LDAP server. Will this be a problem
in terms of adding machine accounts or changing passwords (and that data
being replicated to the local slave LDAP server at the branch offices in
a timely manner)? I'd like to only have the remote offices send traffic
over the WAN links when absolutely necessary (such as changing passwords
or receiving replica updates pushed out from the master LDAP server).
Regards,
Thomas
[global]
passdb backend = ldapsam:ldap://192.168.1.60
ldapsam:ldap://192.168.1.215
ldapsam:ldap://192.168.1.98
ldap suffix = ou=accounts,ou=people,dc=pharm-olam,dc=com
ldap group suffix = ou=groups
ldap machine suffix = ou=machines
ldap user suffix = ou=users
ldap admin dn =
uid=smbldap,ou=accounts,ou=people,dc=pharm-olam,dc=com
ldap ssl = off
Stefan Metzmacher
2003-Dec-16 08:17 UTC
[Samba] Re: multiple ldap servers in bdc/pdc environment
Thomas Hannan wrote:> Hi all, > > I'm setting up a number of samba DC's across several branch offices > using the Samba 3.0.0 release's native LDAP support. I'd like to build > some redundancy into my setup, such as having slave LDAP servers in case > the master is down/unavailable. However, when I have multiple ldapsam > entries in my smb.conf I get duplicate or triplicate users listed when > performing a /usr/local/samba/bin/pdbedit -L, and all 2 or 3 LDAP > servers get queried no matter what. Is there anyway to list multiple > backup LDAP servers instead of just having overlapping SAMs? > > Also, there will be some remote offices connected via relatively > high-latency WAN links to the master LDAP server. Will this be a problem > in terms of adding machine accounts or changing passwords (and that data > being replicated to the local slave LDAP server at the branch offices in > a timely manner)? I'd like to only have the remote offices send traffic > over the WAN links when absolutely necessary (such as changing passwords > or receiving replica updates pushed out from the master LDAP server). > > Regards, > Thomas > > [global]passdb backend = ldapsam:ldap://192.168.1.60> ldapsam:ldap://192.168.1.215 > ldapsam:ldap://192.168.1.98passdb backend = "ldapsam:ldap://192.168.1.60/ ldap://192.168.1.215/ ldap://192.168.1.98/" should do the job> ldap suffix = ou=accounts,ou=people,dc=pharm-olam,dc=com > ldap group suffix = ou=groups > ldap machine suffix = ou=machines > ldap user suffix = ou=users > ldap admin dn = > uid=smbldap,ou=accounts,ou=people,dc=pharm-olam,dc=com > ldap ssl = off > >-- metze ------------------------------------------- Stefan (metze) Metzmacher <metze at metzemix.de>