maybe I am missing something here - but why does your master ldap fail so often?
It doesn't - I'm just building the worst-case scenario =)

I agree with the other poster, the slave LDAPS should be (and I would almost move to _need_ to be) read only ..
And now tell me please how the master can replicate its LDAP tree to the slave to get a 1:1 copy and a backup of my LDAP tree, if it's read-only ?!?!?!

I am also curious as to why you have a samba server contacting either the PDC/BDC ldap servers when it could just be running a replicated LDAP DB itself...which is how all the docs say to do it - maybe this is something new with 3.xx - not sure, but it always seemed more logical to have all your samba boxes be their own DC in terms of login/user information
If each smbd has its own LDAP instance running (DMs too), I have to ensure that all LDAP instances have the same information.
Until I can solve the replication problem (MASTER=dead, changes are made to SLAVE, MASTER comes back => inconsistency in LDAP trees) in case the MASTER dies and information has to be written to one of the SLAVEs, I won't give each smbd its own passdb backend.


It's my plan to have one PDC, one BDC, x DMs and one LDAP instance on both DCs.

If your master does fail - and I mean dead, need to rebuild, etc. - I would make one of the slaves the write/master, get the original MASTER back on line, but not in production until you can do a slapcat of the LDAP to it, change everything back to what it needs to be, and have your system running again....
This is my temporary solution.


bye