redundancy and fail-over by replicating to a Samba BDC. Groups of LDAP PDCs and BDCswith load balancing are ideal for an enterprise environment. On the other hand, LDAPconfigurations are inherently complex to setup and maintain. If SSL is to be incorporated withLDAP, the complexity instantly multiplies. Even so, with careful and precise planning, LDAP isan ideal solution for enterprise environments.Note the passdb backend directive as well as specific LDAP suffix specifications. Although theSamba configuration for LDAP is straightforward, the installation of OpenLDAP is not trivial.LDAP should be installed and configured before any Samba configuration. Also notice thatSamba and LDAP do not need to be on the same server to function. It is highly recommendedto separate the two in an enterprise environment.[global]workgroup = DOCSnetbios name = DOCS_SRVpassdb backend = ldapsam:ldap://ldap.example.comusername map = /etc/samba/smbuserssecurity = useradd user script = /usr/sbin/useradd -m %udelete user script = /usr/sbin/userdel -r %uadd group script = /usr/sbin/groupadd %gdelete group script = /usr/sbin/groupdel %gadd user to group script = /usr/sbin/usermod -G %g %uadd machine script = \/usr/sbin/useradd -s /bin/false -d /dev/null \-g machines %u# The following specifies the default logon script# Per user logon scripts can be specified in the# user account using pdbeditlogon script = scripts\logon.bat# This sets the default profile path.# Set per user paths with pdbeditlogon path = \\%L\Profiles\%Ulogon drive = H:logon home = \\%L\%Udomain logons = Yesos level = 35preferred master = Yesdomain master = Yesldap suffix = dc=example,dc=comldap machine suffix = ou=Peopleldap user suffix = ou=Peopleldap group suffix = ou=Groupldap idmap suffix = ou=Peopleldap admin dn = cn=Managerldap ssl = noldap passwd sync = yesidmap uid = 15000-20000idmap gid = 15000-20000...# Other resource shares......Domain Controller259
