Sorry, I am not being very clear, which probably only serves to demonstrate my lack of knowledge regarding LDAP.
The best you can have is to manage accounts on LDAP master only. Then you don't care if authentication is done against one or another LDAP server as long as this is transparent for you and users. Am I correct?
Yes, this is exactly what I want, basically:
server 1 is the master server that controls the gateway, DNS, DHCP and mail, etc., but also has a local Samba share enabled;
server 2 is a dedicated Samba file server.
I don't really care which one is the master LDAP server (probably best if server 2 is, as it's not exposed to the real world), just as long as the user logon is the same and transparent for both servers.
I was under the impression that I would need a 3rd server to act as the LDAP master for this sort of setup, as I can't install any modules that rely on the LDAP authentication on the LDAP master server?