A Few Questions



Hello, everyone.  I've been using OpenLDAP for a little while, and I'm
starting to hit a few sticking points, so I've subscribed to the list in
the hopes a few experienced souls will be able to lend me a hand.

First, is it possible to configure OpenLDAP in a master/slave relationship
similar to NIS (or DNS or Sendmail)?  I know I can use slurpd to replicate
the LDAP directory, but I'd like queries to be sent to my primary LDAP
server, and only use the slave server if the master goes down.  DNS round
robin won't work, because it will rotate between servers (which will fail
50% of the time).

Second, is there a good resource somewhere with a list and explanation of
the attributes which can be implemented in the directory (aside from
scouring the RFCs and Google)?  What I'd really like to find is a table
with something like:
	attribute	type		description (and possibly example)
	----------	-------		----------------------------------
	uidNumber	integer		Unix UID used by nsswitch/pam_ldap
	userPassword	crypted string	Unix password in crypt form, e.g.
					  {crypt}$1$iInQQgss$ddfds342U7a/
					  (must begin with {crypt}!)

etc, etc.  I've so far implemented LDAP for a corporate directory and Unix
authentication/nss, but it's been terribly difficult finding a useful
list of attributes so that I could implement it.

Which brings up my last question.  Is there a good reference on using LDAP
for Windows NT and/or 2000 authentication?  I've heard this is possible,
but I haven't found any good resources on it.  This, of course, would be
the holy grail - allowing me to get rid of the Windows DCs and use LDAP as
a central authentication mechanism.

Thanks for any help anyone can provide!


-- 
Geoff Silver					<geoff at uslinux dot net>
"If Bill Gates had a nickel for every time Windows crashed...
	Oh wait, he does"