[K12OSN] Samba/LDAP and the near future

Christopher K. Johnson ckjohnson at gwi.net
Tue Mar 9 09:15:01 UTC 2004


David Trask wrote:

>Eric and all,
>
>I'm getting prepared for this summer's implementation of Samba/LDAP plus I
>have a bunch of folks who want me to teach them how to do it.  My set up
>works fine, but it's fairly simple....not that I want more complex, but
>others may.  First of all, where are your latest Samba/LDAP files and have
>you tested them with Fedora?  Second....have you or do you have Samba/LDAP
>set up in such a way that you have a master and many slaves?  Example: 
>Let's say a school district has 4 schools....and they're geographically
>separated by a few miles or so....connected by T1.  Is it possible to
>essentially have one "district-wide" domain that can be accessed locally
>or via VPN from any of the 4 buildings?  Maybe in that Master-Slave mode? 
>Say you had a staff member that works between two schools....how could you
>make the same desktop and so forth accessible from either school for that
>person without necessarily retrieving the "profile" over a T1.  Could we
>have a master server that all the local slaves would sync to and thus
>propagate specified users to the other slaves?  (just dreaming....seeing
>flaws in my proposals already)  ;-)  
>
>I need to get my mind around the groups and so forth in Samba/LDAP....I
>need to refine my own system some more....right now I have staff...and
>users....and that's it.  Also...what do you use to import users in bulk to
>the system?  I use a script that Barry Smoke gave to me and it works
>fine....do you simply create the users with something like createusers and
>then convert them? Or what?  I'd like to find a simpler way to do
>this.....createusers works great....it'd be cool if you could simply
>create the users as you normally would and then somehow convert them into
>"LDAP" users.  Arrggghhh!  I simply don't understand the whole LDAP thing
>well enough.  Time to dive in and teach myself.
>  
>
It is certainly feasible for LDAP to be replicated.  Samba can support 
PDC/BDC functionality so being on the same Windows domain is feasible.  
But logins getting the same desktop and home are another matter, 
particularly with T1 bandwidth and the additional performance 
degradation of latency site to site for the encryption of VPN.  Since 
you mentioned VPN and T1 does that mean you are connecting the sites 
with VPN over their individual T1 Internet connections?  Or did you mean 
there is a dedicated T1 site to site?  That would make a huge difference 
in performance, especially latency and need for VPN or not.  Chances are 
this is something quite practical for a very small number of traveling 
people, if they would live with some performance degradation, but not 
practical on a large scale.

Do you want to get together sometime to compare notes on LDAP and VPN, etc.?

Chris

-- 
-----------------------------------------------------------
   "Spend less!  Do more!  Go Open Source..." -- Dirigo.net
   Chris Johnson, RHCE #807000448202021





