On Wed, 2006-11-01 at 22:42 -0800, Howard Chu wrote:
Kent Nasveschuk wrote:
> On Tue, 2006-10-31 at 02:58 -0500, Andrew Bartlett wrote:
>> On Tue, 2006-10-31 at 02:32 -0500, Kent Nasveschuk wrote:
>> > I think I have this running now, well at least kadmin writes to LDAP.
>> > I was able to initialize the realm and add users. Couple questions:
>> > 
>> > 1) Replication when using LDAP as backend. In the past I have used
>> > slurpd to replicate the master to slaves. I haven't used syncrepl yet
>> > but I realize that it is probably the way to go. When you factor in
>> > Heimdal, how can I replicate this? I'm new to Heimdal, one would think
>> > that replication can't be left to syncrepl anymore.

Once the info is in LDAP, it doesn't matter where it came from. Why in 
the world would you think that Heimdal doesn't work with syncrepl?
I know syncrepl will work with the LDAP side, how do I replicate KDCs with LDAP backend? 
> What other options are available to provide multiple KDCs and LDAP 
> directories for enterprise use? I've gotten Heimdal to write to LDAP 
> but there is no redundancy with this scenario. KDC writes to master 
> and that's as far as I can go with that. I also need to have 
> replication at different geographic locations. 

Any of the available replication mechanisms will work. Syncrepl is 
probably the best of course.