Patrick Dung
2007-May-30 09:14 UTC
[Samba] Question about multiple ldap backend (as failover/load balance)
Hello

OK, in my case, there is only one samba server acting as PDC. On the PDC, it has an openldap server as backend.

I have configured another server as the slave ldap server. The slave ldap server will pull data by syncrepl.

There are some spaces in samba/smbldap-tool that we can configure multiple ldap servers (or load balance by use of DNS).

What happens if the PDC writes data to the slave ldap server? (Or the master ldap server failed, data has to be written to the slave ldap server, and then the master ldap server comes online.)

The main problem is that the master and slave ldap server will be out of sync. Can samba auto detect and fix it?

Thanks
Patrick
Adam Tauno Williams
2007-May-30 10:48 UTC
[Samba] Question about multiple ldap backend (as failover/load balance)
> The main problem is that the master and slave ldap server will be out
> of sync. Can samba auto detect and fix it?

No.

--
Adam Tauno Williams, Network & Systems Administrator
Consultant - http://www.whitemiceconsulting.com
Developer - http://www.opengroupware.org
Ingo Steuwer
2007-May-30 11:05 UTC
[Samba] Question about multiple ldap backend (as failover/load balance)
Hi

On Wednesday, 30 May 2007 11:06, Patrick Dung wrote:
> Hello
>
> OK, in my case, there is only one samba server acting as PDC.
> On the PDC, it has a openldap server as backend.
>
> I have configured another server as the slave ldap server. slave ldap
> server will pool data by syncrepl.
>
> There are some spaces in samba/smbldap-tool that we can configure
> multiple ldap servers (or load balance by use of DNS)
>
> What happen if the PDC write data to the slave ldap server? (or the
> master ldap server failed, data has to write to the slave ldap server.
> and then the master ldap server comes online)

You should not be allowed to make changes on an LDAP slave, which has to be made sure by appropriate LDAP ACLs. For write operations, clients connected to the slave must be forwarded to the master LDAP by LDAP referrals.

> The main problem is that the master and slave ldap server will be out
> of sync. Can samba auto detect and fix it?

This would be a feature of the LDAP server, as samba can't cover all attributes other clients may have changed. If you need this, look out for an LDAP server which supports multi-master modes.

By the way: samba runs fine with a read-only copy of your LDAP as long as you don't need to administrate something or a password needs to be changed. This can cover downtimes of your LDAP master without user service interruptions.

Regards
Ingo Steuwer

> Thanks
> Patrick

--
Ingo Steuwer
Projektmanagement
steuwer@univention.de
Univention GmbH, Linux for your Business
Mary-Somerville-Str.1, 28359 Bremen
fon: +49 421 22 232-43
fax: +49 421 22 232-99
http://www.univention.de
Patrick Dung
2007-May-30 11:48 UTC
[Samba] Re: Question about multiple ldap backend (as failover/load balance)
Hello

1. OK, after searching, I found that openldap is a single master model.
http://www.openldap.org/faq/data/cache/1240.html
I think it will not change in the foreseeable future.

In my previous mail, I said the ldap servers may be out of sync. But actually, under Openldap 2.3, it will not be the case. The slave ldap server is required to add the 'updateref' directive, which refers all modify/update to the current replica. If the 'updateref' directive is missing, the slave server refuses to make changes to the directory.

BTW, openldap 2.4 may have a new thing called mirror mode:
http://www.mail-archive.com/openldap-software@openldap.org/msg08188.html

2. I found that Fedora DS can implement multi master mode.
http://directory.fedoraproject.org/wiki/FAQ#How_does_the_Fedora_Directory_Server_multi-master_replication_work.3F
With FDS, would samba be able to provide HA/multimaster AD?

Thanks
Patrick
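
Added example, not part of the thread and not any poster's own configuration: the setup the replies describe, with a read-only syncrepl replica that refers writes to the master via 'updateref' and a Samba PDC that lists both LDAP servers. Host names, DNs, the database directory, the bdb backend and the credentials placeholder are assumptions made for illustration.

```conf
# ---- slapd.conf on the replica (OpenLDAP 2.3 syntax; all names are placeholders) ----
database        bdb
suffix          "dc=example,dc=com"
rootdn          "cn=Manager,dc=example,dc=com"
directory       /var/lib/ldap

# Pull changes from the master; continuation lines must start with whitespace.
# A simple bind sends the password as-is, so run this link over TLS
# (an ldaps:// provider) or over a trusted network.
syncrepl rid=001
        provider=ldap://ldap-master.example.com
        type=refreshAndPersist
        retry="60 +"
        searchbase="dc=example,dc=com"
        bindmethod=simple
        binddn="cn=replicator,dc=example,dc=com"
        credentials=REPLACE_ME

# Write requests get a referral to the master instead of being applied here.
updateref       ldap://ldap-master.example.com

# The replica holds the same password hashes as the master: restrict reads
# the same way, and grant no write access to anyone.
access to attrs=userPassword,sambaNTPassword,sambaLMPassword
        by dn.exact="cn=samba,dc=example,dc=com" read
        by anonymous auth
        by * none
access to *
        by * read

# ---- smb.conf on the PDC ----
[global]
    # Servers are tried in order; the replica is used when the master is down.
    passdb backend = ldapsam:"ldap://ldap-master.example.com ldap://ldap-replica.example.com"
    ldap suffix = dc=example,dc=com
    ldap admin dn = cn=samba,dc=example,dc=com
    ldap ssl = start tls
    # Milliseconds Samba waits after a referred write for it to replicate back.
    ldap replication sleep = 1000
```

While the master is down, logons against the replica keep working, but password changes and account administration fail until the master returns, because the replica only hands out referrals for writes.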