Author Topic: zentyal 2.2 ldap master and slave  (Read 1923 times)

Barrydocks

  • Zen Warrior
  • ***
  • Posts: 145
  • Karma: +4/-0
zentyal 2.2 ldap master and slave
« on: December 12, 2012, 08:47:30 am »
I have 2 servers, I want one to be the master ldap server and the other to be a slave that authenticates against the master. I currently run zentyal 2.0 but this requires a separate ldap server as it is not possible to run a master ldap server and file sharing on the same machine.

I have been trying out zentyal 3 as I thought samba4 would get around this problem but alas v3.0 is simply not stable enough at present. So my question is if zentyal 2.2 is capable of running as a ldap master and operate file sharing on the same machine?
Thanks

christian

  • Guest
Re: zentyal 2.2 ldap master and slave
« Reply #1 on: December 12, 2012, 09:15:11 am »
The answer is here in documentation.

Just curious, what are the stability issues you face with 3.0 ?

Barrydocks

Re: zentyal 2.2 ldap master and slave
« Reply #2 on: December 12, 2012, 10:21:31 am »
Thanks for the reply, can I set up the ldap master server as a virtual machine and then authenticate the host against that?

Quote
Just curious, what are the stability issues you face with 3.0 ?
Simple things like the apparmor issue with samba, not being able to log into the windows domain as the realm name is automatically set to the host domain name but this is too long to act as the samba domain name

christian

  • Guest
Re: zentyal 2.2 ldap master and slave
« Reply #3 on: December 12, 2012, 10:37:30 am »
Quote
Thanks for the reply, can I set up the ldap master server as a virtual machine and then authenticate the host against that?

Sorry, I don't understand what you mean by "ldap master server as a virtual machine" nor what "authenticate host against that" would mean.

Barrydocks

Re: zentyal 2.2 ldap master and slave
« Reply #4 on: December 12, 2012, 10:46:51 am »
Quote
Thanks for the reply, can I set up the ldap master server as a virtual machine and then authenticate the host against that?

Sorry, I don't understand what you mean by "ldap master server as a virtual machine" nor what "authenticate host against that" would mean.
Sorry, I will be more specific:
Can I:
1. setup zentyal 2.2 core on my physical server
2. set up a virtual installation on the physical server
3. configure the virtual machine to act as the master ldap database
4. install the file sharing module on the physical server but get them to authenticate against the ldap database on the virtual machine?

Thanks

christian

  • Guest
Re: zentyal 2.2 ldap master and slave
« Reply #5 on: December 12, 2012, 10:58:35 am »
I never thought about such design and don't understand how this could be feasible. I mean installing Zentyal as slave of another Zentyal server installed in a VM managed by slave Zentyal  :o

1 - Why then do you need master/slave design ?
2 - I also understood (probably wrongly) from your first post that you have 2 servers.

The other point that is strange to me is your willingness to authenticate against master LDAP. Well, I know Zentyal 2.2 implementation is somewhat strange for what concerns LDAP authentication but in a standard master/slave design, you can (LDAP) authenticate against any LDAP server part of the replicated LDAP landscape for a given rootDN.

Anyway, give a try and let us know if such design works  ;)

Barrydocks

Re: zentyal 2.2 ldap master and slave
« Reply #6 on: December 12, 2012, 11:08:51 am »
Thanks for your reply.

Quote
1 - Why then do you need master/slave design ?
2 - I also understood (probably wrongly) from your first post that you have 2 servers
You are correct, but I want both to have the file sharing module installed as both servers have large raid storage, but I only want one ldap server and I don't really want a third machine running just for this. If I can get one of the machines to run a virtual instance that either acts as a ldap master or I suppose I could get the virtual instance to act as the file share?

christian

  • Guest
Re: zentyal 2.2 ldap master and slave
« Reply #7 on: December 12, 2012, 11:22:22 am »
You will never have "only one LDAP server", by design.
The best you can have is to manage accounts on LDAP master only. Then you don't care if authentication is done against one or another LDAP server as long as this is transparent for you and users. Am I correct ?

Given your goal, if you don't want to have dedicated server to host your LDAP master, why don't you rather install server with e.g. Virtualbox on top of which you will install one VM for LDAP master and one VM for LDAP slave and file sharing then another LDAP slave + file sharing on the other server ?

Barrydocks

Re: zentyal 2.2 ldap master and slave
« Reply #8 on: December 12, 2012, 11:31:07 am »
Sorry, I am not being very clear which probably only serves to demonstrate my lack of knowledge regarding ldap  :(

Quote
The best you can have is to manage accounts on LDAP master only. Then you don't care if authentication is done against one or another LDAP server as long as this is transparent for you and users. Am I correct ?
yes this is exactly what I want, basically
server 1 is the master server that controls the gateway, dns, dhcp and mail, etc but also has a local samba share enabled;
server 2 is a dedicated samba file server
I don't really care which one is the master ldap server (probably best if server 2 is as it's not exposed to the real world) just as long as the user logon is the same and transparent for both servers.

I was under the impression that I would need a 3rd server to act as the ldap master for this sort of set up as I can't install any modules that rely on the ldap authentication on the ldap master server?

christian

  • Guest
Re: zentyal 2.2 ldap master and slave
« Reply #9 on: December 12, 2012, 11:38:09 am »
Yes you DO need 3 servers in case of master/slave design if you also need 2 different file sharing because, as written in documentation link I provided, file sharing can NOT run on LDAP master. Same for mail.

What I proposed was to run Virtualbox on one host so that you can have 2 virtual machines, one being Zentyal master, the other being Zentyal slave and Zentyal slave on the second host (third Zentyal machine).

Then LDAP master server will act as LDAP master server only. My advice is that you run internet gateway on Zentyal slave due to Zentyal limitation in terms of MTA/MDA design:
- mail can only run on slave
- you are obliged to deliver mails locally