Greetings,
I would like to use multiple OpenLDAP servers with Samba. As Samba uses only one database server, I considered it would be suitable to use an LDAP proxy in front of my master and my slave servers. I tried it with the proxycache overlay, but after some testing and combing the internet for information it seems this does not work for write requests.
Is this information correct? And if it is, are there some alternatives?
Best Regards, Christoph Berkemeier
On Fri, 4 Jun 2010, Christoph Berkemeier wrote:
I would like to use multiple OpenLDAP servers with Samba. As Samba uses only one database server, I considered it would be suitable to use an LDAP proxy in front of my master and my slave servers. I tried it with the proxycache overlay, but after some testing and combing the internet for information it seems this does not work for write requests.
It sounds like you're getting write referrals from your replicas. slapo-chain can chase those referrals server-side. You can run test032 to see a chain configuration in action; also read through slapd-ldap(5) and slapo-chain(5) man pages for background.
Aaron Richton wrote:
On Fri, 4 Jun 2010, Christoph Berkemeier wrote:
I would like to use multiple OpenLDAP servers with Samba. As Samba uses only one database server, I considered it would be suitable to use an LDAP proxy in front of my master and my slave servers. I tried it with the proxycache overlay, but after some testing and combing the internet for information it seems this does not work for write requests.
It sounds like you're getting write referrals from your replicas. slapo-chain can chase those referrals server-side. You can run test032 to see a chain configuration in action; also read through slapd-ldap(5) and slapo-chain(5) man pages for background.
slapo-chain is another good hint, I will take a look at it. Thanks for your help.
Best Regards, Christoph Berkemeier
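The slapo-chain setup suggested above, as an added example that is not part of the original thread: a replica-side slapd.conf fragment that chases write referrals to the master on the client's behalf. Using ldap-1.example.com as the master, the DNs and the credential placeholder are assumptions; the directives are the ones documented in slapo-chain(5) and slapd-ldap(5).

```conf
# slapd.conf on each replica (constructed example; names are assumptions)

# Global section, before the first "database" line: the chain overlay
# then follows referrals returned by any database on this server.
overlay              chain
chain-uri            "ldap://ldap-1.example.com"

# Bind to the master as a dedicated proxy identity and assert the
# identity of the client that issued the write (mode=self), so the
# master's ACLs are still evaluated against the real user.
# On the master this identity must be allowed to authorize as other
# users (authz-policy plus an authzTo value); see idassert-bind in
# slapd-ldap(5).
chain-idassert-bind  bindmethod="simple"
                     binddn="cn=chain-proxy,dc=example,dc=com"
                     credentials="<PLACEHOLDER-SECRET>"
                     mode="self"

# StartTLS towards the master, so the proxy credentials and the
# forwarded writes do not cross the network in clear text.
chain-tls            start

# If chasing the referral fails, return the real error to the client
# instead of the original referral.
chain-return-error   TRUE

# ... existing replica database definition and syncrepl statement ...

# In the replicated database, after the syncrepl statement: writes
# received by the replica are answered with this referral, which the
# chain overlay above follows server-side.
updateref            "ldap://ldap-1.example.com"
```

With this in place a client such as Samba can send both reads and writes to a replica and never sees the referral itself.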
Dear,
Regarding domain names for the LDAP root, should you use something like dc = domain, dc = country (e.g. ar, cl, is br), or is it better to use some other domain?
That is, suppose the root domain is dominio.es. Is it advisable to do so? I ask because I have seen many implementations (especially Microsoft AD) which use dominio.local or dominio.int instead.
What is recommended in this regard? Is there no problem in using it so?
Regards
Sebastián V.
On 04/06/2010 12:55, Christoph Berkemeier wrote:
Greetings,
I would like to use multiple OpenLDAP servers with Samba. As Samba uses only one database server, I considered it would be suitable to use an LDAP proxy in front of my master and my slave servers. I tried it with the proxycache overlay, but after some testing and combing the internet for information it seems this does not work for write requests.
Is this information correct? And if it is, are there some alternatives?
The proxycache overlay is designed to keep a local cache of requests (searches and binds if I recall correctly) to a distant LDAP server.
If you just want an LDAP proxy with multiple backends, take a look at the meta and ldap backends:
http://www.openldap.org/software/man.cgi?query=slapd-meta
Hope this helps, Jonathan
Jonathan Clarke wrote:
On 04/06/2010 12:55, Christoph Berkemeier wrote:
Greetings,
I would like to use multiple OpenLDAP servers with Samba. As Samba uses only one database server, I considered it would be suitable to use an LDAP proxy in front of my master and my slave servers. I tried it with the proxycache overlay, but after some testing and combing the internet for information it seems this does not work for write requests.
Is this information correct? And if it is, are there some alternatives?
The proxycache overlay is designed to keep a local cache of requests (searches and binds if I recall correctly) to a distant LDAP server.
A caching proxy would be a nice feature, but I considered it as an optional feature.
If you just want an LDAP proxy with multiple backends, take a look at the meta and ldap backends:
I already tried an ldap backend (slapd-ldap) with the pcache overlay, but I will definitely take a look at slapd-meta. Thank you for your help.
Best Regards, Christoph Berkemeier
On Friday, 4 June 2010 11:55:16 Christoph Berkemeier wrote:
Greetings,
I would like to use multiple OpenLDAP servers with Samba. As Samba uses only one database server
????
, I considered it would be suitable to use an LDAP proxy in front of my master and my slave servers.
For a single-master, multiple-slaves scenario, Samba has supported this since about 2.2.5.
Or, can you provide more details on the exact scenario, configuration extracts (e.g. passdb backend, ldap replication sleep) from your smb.conf, and error messages when problems occur etc.
Regards, Buchan
Buchan Milne wrote:
On Friday, 4 June 2010 11:55:16 Christoph Berkemeier wrote:
Greetings,
I would like to use multiple OpenLDAP servers with Samba. As Samba uses only one database server
, I considered it would be suitable to use an LDAP proxy in front of my master and my slave servers.
For a single-master, multiple-slaves scenario, Samba has supported this since about 2.2.5.
The support was removed in 3.0.23 as you can read in http://www.samba.org/samba/history/samba-3.0.23.html:
##############
Passdb Changes
==============
The "passdb backend" parameter no long accepts multiple backends in a chaining configuration.
##############
The feature was removed because, as far as I can remember, it needed a lot of maintenance.
Best Regards, Christoph Berkemeier
On Friday, 4 June 2010 15:27:12 Christoph Berkemeier wrote:
Buchan Milne wrote:
On Friday, 4 June 2010 11:55:16 Christoph Berkemeier wrote:
Greetings,
I would like to use multiple OpenLDAP servers with Samba. As Samba uses only one database server
, I considered it would be suitable to use an LDAP proxy in front of my master and my slave servers.
For a single-master, multiple-slaves scenario, Samba has supported this since about 2.2.5.
The support was removed in 3.0.23 as you can read in http://www.samba.org/samba/history/samba-3.0.23.html:
##############
Passdb Changes
==============
The "passdb backend" parameter no long accepts multiple backends in a chaining configuration.
##############
The feature was removed because, as far as I can remember, it needed a lot of maintenance.
But, a single passdb backend can specify multiple LDAP servers, as shown in the examples in the smb.conf man page:
" Multiple servers may also be specified in double-quotes. Whether multiple servers are supported or not and the exact syntax depends on the LDAP library you use.
Examples of use are:
passdb backend = tdbsam:/etc/samba/private/passdb.tdb
or multi server LDAP URL with OpenLDAP library:
passdb backend = ldapsam:"ldap://ldap-1.example.com ldap://ldap-2.example.com"
"
Regards, Buchan
Buchan Milne wrote:
On Friday, 4 June 2010 15:27:12 Christoph Berkemeier wrote:
Buchan Milne wrote:
On Friday, 4 June 2010 11:55:16 Christoph Berkemeier wrote:
[...]
But, a single passdb backend can specify multiple LDAP servers, as shown in the examples in the smb.conf man page:
" Multiple servers may also be specified in double-quotes. Whether multiple servers are supported or not and the exact syntax depends on the LDAP library you use.
Examples of use are:
passdb backend = tdbsam:/etc/samba/private/passdb.tdb
or multi server LDAP URL with OpenLDAP library:
passdb backend = ldapsam:"ldap://ldap-1.example.com ldap://ldap-2.example.com"
"
I think I tried this already, but as I am not completely sure, I will try it again on the next occasion. Thank you for your help.
Best Regards Christoph Berkemeier
openldap-technical@openldap.org