jo...@primebuchholz.com wrote:
What I'd like to do is set up a new Samba domain on the off-site server so users can log into it for disaster recovery purposes - and I'd like to keep the user account information synchronized with the main server so users' passwords are the same, etc. - while leaving behind workstation accounts, etc.

Why don't you want to sync the machine accounts? The workstations wouldn't be allowed to log on to the domain if the machine account password differs. And don't you require the LDAP groups too for managing access?



Does anyone have any ideas on how best to approach this? I guess what I'm asking is, I'm OK with slapcat/slapadd'ing periodically from the main server to the off-site server, but does anyone have ideas for how to filter just the user accounts into the LDIF?

Instead of export/transfer/delete-ldap/import, I would use the OpenLDAP replication functions. If you really don't want to have access to the groups/machine account OU, you can define an ACL on your slave server that denies access to those branches.
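
Added example, not part of the original thread: one way to do the LDIF filtering step asked about in the question, for the case where the slapcat/slapadd route is kept. It assumes user accounts carry the sambaSamAccount object class and that machine accounts are the ones whose uid ends in "$"; the function names and the sample entries are constructed for illustration.

```python
import base64

# Constructed sample slapcat-style LDIF (not from the thread); names are placeholders.
WS_UID = base64.b64encode(b"ws01$").decode()
SAMPLE_LDIF = f"""dn: uid=alice,ou=People,dc=example,dc=com
objectClass: sambaSam
 Account
uid: alice

dn: uid=ws01$,ou=Computers,dc=example,dc=com
objectClass: sambaSamAccount
uid:: {WS_UID}

dn: cn=staff,ou=Groups,dc=example,dc=com
objectClass: posixGroup
"""

def parse_entries(ldif_text):
    entries, lines = [], []
    for raw in ldif_text.splitlines() + [""]:
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]              # continuation of a folded line
        elif raw.strip():
            lines.append(raw)
        elif lines:                           # blank line ends the entry
            entries.append([l for l in lines if not l.startswith("#")])
            lines = []
    return entries

def attrs(entry):
    out = {}
    for line in entry:
        name, _, rest = line.partition(":")
        b64 = rest.startswith(":")            # "attr:: value" is base64 encoded
        value = base64.b64decode(rest[1:].strip()).decode() if b64 else rest.strip()
        out.setdefault(name.lower(), []).append(value)
    return out

def is_user_account(entry):
    a = attrs(entry)
    classes = {c.lower() for c in a.get("objectclass", [])}
    uids = a.get("uid", [])
    # Assumption: machine trust accounts are the ones whose uid ends in "$".
    return "sambasamaccount" in classes and bool(uids) and not any(u.endswith("$") for u in uids)

def filter_users(ldif_text):
    kept = [e for e in parse_entries(ldif_text) if is_user_account(e)]
    return "".join("\n".join(e) + "\n\n" for e in kept)
```

The output holds only the user entries; the suffix and OU entries they live under are not included.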