Carlos Eduardo Pedroza Santiviago
2008-Jun-16 14:51 UTC
[Samba] Samba 3 with OpenLDAP multimaster or Fedora-DS
Hi,

I'd like to know if any of you have ever implemented Samba 3 with OpenLDAP multimaster (using syncrepl, maybe) or Fedora-DS. The basic idea would be:

- WAN link dies, the remote office's BDC would promote itself to PDC (using some kind of monitoring script), and will start accepting changes to the user base. Also, some change to the local WINS server would be necessary.
- WAN link returns, the changes are replicated back to the original PDC, and the WAN's PDC is demoted to BDC again, and changes again the WINS database.

From what I've read, NT4 seems to do this "automagically", and I'm having some complaints about that.

What do you guys think?

Best regards,
--
Carlos Eduardo Pedroza Santiviago - <carlos at santiviago.com>
http://softwarelivre.net | Passo-a-passo rumo à liberdade!

Lots of folks have Samba 3 running over OpenLDAP. Syncrepl is what I'd use if I was setting it up today, but I have a very reliable and mature implementation already running slurpd, so I am going to stick with that for the moment.

As for multi-master, I agree with Zeilenga's comments on LDUP. Google for "multimaster considered harmful" or read http://www.openrowley.com/2006/10/05/is-multi-master-replication-really-harmful/ if you don't know what I'm talking about.

We have one PDC and WINS server per physical site, which is more reliable and fault-tolerant than anything else I've tried, but it does make LDAP configuration a bit dicey since the Samba Team doesn't yet understand why anyone would want to combine a unified authentication infrastructure with geographically localized network control. Setting up domain trusts with our configuration is tricky.

--Charlie

On Mon, Jun 16, 2008 at 10:44 AM, Carlos Eduardo Pedroza Santiviago <carlos@santiviago.com> wrote:
> Hi,
>
> I'd like to know if any of you have ever implemented Samba 3 with
> OpenLDAP multimaster (using syncrepl, maybe) or Fedora-DS. The basic
> idea would be:
>
> - WAN link dies, the remote office's BDC would promote itself to PDC
> (using some kind of monitoring script), and will start accepting
> changes to the user base. Also, some change to the local WINS server
> would be necessary.
> - WAN link returns, the changes are replicated back to the original
> PDC, and the WAN's PDC is demoted to BDC again, and changes again the
> WINS database.
>
> From what I've read, NT4 seems to do this "automagically", and I'm
> having some complaints about that.
>
> What do you guys think?
>
> Best regards,
> --
> Carlos Eduardo Pedroza Santiviago - <carlos at santiviago.com>
> http://softwarelivre.net | Passo-a-passo rumo à liberdade!