Re: [Samba] samba+ldap two domains db sync?
Alberto Moreno wrote: Is possible to sync both ldap servers every time I change something in ldap? or a better way to do it?Alberto Moreno wrote: You could probably do this with OpenLDAP's syncrepl replication facility. You may also wish to consider combining everything into one LDAP database, containing two different Samba domains, with a common OU for user accounts. You could keep the LDAP servers as they are, just set up one as a secondary LDAP server using syncrepl. That would have the advantage of centralizing everything and ease user administration, since users created in one domain would automatically be included in both. Without knowing the specifics, however, it's hard to say to which way would be best. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba+ldap two domains db sync?
Rob, I am curious if you think an extension of this idea might work to centrally control and manage many domains? Mothership LDAP [Hosted Highly Redundant setup] - Domain 1 (SyncRepl only portion of LDAP) - Domain 2 (SyncRepl only portion of LDAP) ... - Domain 26 (SyncRepl only portion of LDAP) Ideally each local subnet might also be VPNed up to the mothership so that local machines could still authenticate (slowly) if the local PDC were unavailable. Long term each domain would be Samba4 based and fully AD ready. Would love to discuss this idea with someone familiar with multi-domain setups like this. thanks, Larry -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Rob Shinn Sent: Monday, January 11, 2010 9:33 AM To: Alberto Moreno Cc: samba@lists.samba.org Subject: Re: [Samba] samba+ldap two domains db sync? Alberto Moreno wrote: Is possible to sync both ldap servers every time I change something in ldap? or a better way to do it?Alberto Moreno wrote: You could probably do this with OpenLDAP's syncrepl replication facility. You may also wish to consider combining everything into one LDAP database, containing two different Samba domains, with a common OU for user accounts. You could keep the LDAP servers as they are, just set up one as a secondary LDAP server using syncrepl. That would have the advantage of centralizing everything and ease user administration, since users created in one domain would automatically be included in both. Without knowing the specifics, however, it's hard to say to which way would be best. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] samba+ldap two domains db sync?
Hi people. I have 2 domains running samba with ldap(Centos 5.x), I would like to know this. I would like to have the same DB in both sites, if I change the users just would like to do it 1 time. Is possible to sync both ldap servers every time I change something in ldap? or a better way to do it? Thanks!!! -- LIving the dream... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba+ldap two domains db sync?
Alberto Moreno wrote: Is possible to sync both ldap servers every time I change something in ldap? or a better way to do it?Alberto Moreno wrote: You could probably do this with OpenLDAP's syncrepl replication facility. You may also wish to consider combining everything into one LDAP database, containing two different Samba domains, with a common OU for user accounts. You could keep the LDAP servers as they are, just set up one as a secondary LDAP server using syncrepl. That would have the advantage of centralizing everything and ease user administration, since users created in one domain would automatically be included in both. Without knowing the specifics, however, it's hard to say to which way would be best. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba+ldap two domains db sync?
On 01/11/10 09:31, Rob Shinn wrote: Alberto Moreno wrote: Is possible to sync both ldap servers every time I change something in ldap? or a better way to do it?Alberto Moreno wrote: You could probably do this with OpenLDAP's syncrepl replication facility. You may also wish to consider combining everything into one LDAP database, containing two different Samba domains, with a common OU for user accounts. You could keep the LDAP servers as they are, just set up one as a secondary LDAP server using syncrepl. That would have the advantage of centralizing everything and ease user administration, since users created in one domain would automatically be included in both. Without knowing the specifics, however, it's hard to say to which way would be best. I don't think one user in LDAP could be in two different domains- each user has to have a distinct SambaSID entry. I use Sun's Directory Server for my LDAP backend- it was already in place for another project which is why I went with it rather than with OpenLDAP. It supports replication between ldap servers and has a GUI for setting up the replication parameters.Although, too be fair, there is a bit of a learning curve with this product. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba+ldap two domains db sync?
Gaiseric Vandal wrote: I don't think one user in LDAP could be in two different domains- each user has to have a distinct SambaSID entry. Ooomph! *slaps forehead*. You're right. That's what I get for posting before I've had my coffeee. I stand by my original statement that OpenLDAP's syncrepl would work, though. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba+ldap two domains db sync?
Thanks people. I will read about synrepl and see how it works, thanks all of u for your tips!!! See u!!! On Mon, Jan 11, 2010 at 6:49 AM, Rob Shinn mor...@tuxedo.darktech.org wrote: Gaiseric Vandal wrote: I don't think one user in LDAP could be in two different domains- each user has to have a distinct SambaSID entry. Ooomph! *slaps forehead*. You're right. That's what I get for posting before I've had my coffeee. I stand by my original statement that OpenLDAP's syncrepl would work, though. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- LIving the dream... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
