[Fwd: Re: [K12OSN] silly ldap questions]

David Trask dtrask at vcsvikings.org
Tue Mar 28 20:29:41 UTC 2006


Also bear in mind as you research this, that Samba 4 will change
everything once again.  Samba 4 will have its own LDAP packaged right
along with it.  In the end this should be an excellent thing, but will
mean we have to rewrite all the how-to's again  :-)


qhartman at lane.k12.or.us on Tuesday, March 28, 2006 at 1:25 PM +0000 wrote:
>-------- Forwarded Message --------
>From: Quentin Hartman <qhartman at lane.k12.or.us>
>Reply-To: qhartman at lane.k12.or.us
>To: Peter Hartmann <ascensiontech at gmail.com>
>Subject: Re: [K12OSN] silly ldap questions
>Date: Tue, 28 Mar 2006 10:24:06 -0800
>
>On Tue, 2006-03-28 at 12:49 -0500, Peter Hartmann wrote:
>> Hey Quentin,
>> Thanks for writing.
>> 
>> > You certainly can, and this is probably the easiest way to set things up.
>> > I like to have multiple DNS names point at the same machine, one for each
>> > service. That way, I can separate those services out on to other machines
>> > if I need to without reconfiguring everything.
>> 
>> That's a great idea.    Just out of curiosity, what would, or could,
>> you farm out if you needed to?
>
>For instance, I am planning on putting LDAP on a dedicated machine this
>summer. We are putting up more and more services that authenticate to
>our LDAP directory, so I fear that it is going to become too much of a
>drag on the machine it is on now. So, I set up a base server (I plan on
>using Ubuntu) and then load up and configure ldap. Replicate the
>directory over, update DNS to point to the new server, and I'm done.
>Nothing else has to change.
>
>You can do this with any service. Do you only have one DNS server, but
>want to easily support up to three for failover? Configure your clients
>to use NS0, NS1, and NS2, but make NS1 and NS2 aliases to NS0. In
>reality they all point to the same machine, but once you get your
>additional DNS servers up, just change the DNS config, and you're done.
>
>You can do this with just about anything. I have follett.slane.k12.or.us
>for our library system, irm.* for our inventory / trouble ticket system,
>ntp.* for time service, mysql.* for DB, and several others all pointing
>to a single machine which is also called maple.* . By doing it this way,
>migrating those services to other machines is dead simple. If I had used
>the "real" server name (maple.* in this case) rather than the service
>name, it would be more difficult to split out if I only wanted to move
>one service.
>
>> 
>> 
>> > It sounds like you have everything
>> > (ltsp, samba, ldap, dhcp, etc.)
>> 
>> Well, right now all those, with the exception of ldap (since we're
>> still with linux auth),  are on the same server.   I didn't explain
>> well enough. Can one have just ldap and not a smb fileserver on a
>> dedicated machine?  That's the mounting would come in back to the
>> ltsp, file, dhcp server.  Why?  File servers aren't cheap and I wouldn't
>> be messing with the ltsp server other than telling it how to
>> authenticate, right?
>
>
>You can have LDAP on a dedicated machine, no problem. If you just put
>LDAP on a dedicated machine, you only need to tell the LTSP server to
>authenticate to it. Everything else stays the same. 
>
>>  (it's working and that's how I like it  :)  ) I
>> could easily revert to linux auth if things went south, right?   I
>> hope that's making more sense.
>
>As long as you keep your smb.conf sections that are for linux auth, it's
>easy. In my setup, I actually kept those portions in my config
>(commented out, of course) for quite some time. I wanted to make sure I
>had an easy fall back if LDAP didn't work out. I just built two blocks
>in the config, one for ldap and one for linux, then (un)commented as
>needed to switch back and forth.
>
>I noticed that someone suggested using the smbldap-installer script.
>That's probably a good start, though after I used it on some test
>equipment I ended up doing the setup by hand. My config is much larger
>and more complex than that script is designed to handle, but it was good
>for learning if nothing else.
>
>
>
>_______________________________________________
>K12OSN mailing list
>K12OSN at redhat.com
>https://www.redhat.com/mailman/listinfo/k12osn
>For more info see <http://www.k12os.org>



David N. Trask
Technology Teacher/Director
Vassalboro Community School
dtrask at vcsvikings.org
(207)923-3100
