
Re: בנושא: kadmin talking to ldapi problem

On Thu, 2006-11-02 at 00:03 -0800, Howard Chu wrote:
Kent Nasveschuk wrote:
> On Wed, 2006-11-01 at 22:42 -0800, Howard Chu wrote:
>> Kent Nasveschuk wrote:
>> >
>> > On Tue, 2006-10-31 at 02:58 -0500, Andrew Bartlett wrote:
>> >> On Tue, 2006-10-31 at 02:32 -0500, Kent Nasveschuk wrote:
>> >> > I think I have this running now, well at least kadmin writes to LDAP.
>> >> > I was able to initialize the realm and add users. Couple questions:
>> >> > 
>> >> > 1) Replication when using LDAP as backend. In the past I have used
>> >> > slurpd to replicate the master to slaves. I haven't used syncrepl yet
>> >> > but I realize that it is probably the way to go. When you factor in
>> >> > Heimdal, how can I replicate this? I'm new to Heimdal, one would think
>> >> > that replication can't be left to syncrepl anymore.
>> Once the info is in LDAP, it doesn't matter where it came from. Why in 
>> the world would you think that Heimdal doesn't work with syncrepl?
> I know syncrepl will work with the LDAP side, how do I replicate KDCs 
> with LDAP backend?
So the KDC slave propagates changes to the master KDC
Master writes changes to LDAP
syncrepl replicates changes from master to LDAP slaves
KDC slaves see changes on LDAP backend

Do I have that right?

This is no different than any other LDAP replication scenario. Set up a 
slapd slave wherever you want to run a replicated KDC. Use chaining to 
forward KDC writes on the slaves up to the master.
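
The setup described in the last paragraph, as an added example that is not part of the original thread: a `slapd.conf` sketch for the slapd slave that sits beside a replicated KDC, pulling from the master with syncrepl and chaining writes back up. Hostnames, DNs, paths and credentials are placeholders, and the TLS options on `syncrepl` assume OpenLDAP 2.4 or later.

```conf
# Constructed example: consumer (slave) slapd next to a replicated KDC.
# All hostnames, DNs, paths and secrets below are placeholders.

# Forward writes made against this slave (e.g. by the local KDC or kadmin)
# up to the master instead of returning a bare referral to the client.
overlay             chain
chain-uri           "ldap://ldap-master.example.com"
chain-idassert-bind bindmethod="simple"
                    binddn="cn=chain-proxy,dc=example,dc=com"
                    credentials="CHANGE_ME"
                    mode="self"
chain-tls           start
chain-return-error  TRUE

database            mdb
suffix              "dc=example,dc=com"
directory           /var/lib/ldap

# Pull changes from the master. With Heimdal's LDAP backend the principal
# entries include key material, so the replication link requires TLS and
# binds as a dedicated identity that only needs read access on the master.
syncrepl rid=001
         provider=ldap://ldap-master.example.com
         type=refreshAndPersist
         retry="60 +"
         searchbase="dc=example,dc=com"
         bindmethod=simple
         binddn="cn=replicator,dc=example,dc=com"
         credentials="CHANGE_ME"
         starttls=critical
         tls_reqcert=demand

# Referral for write operations; the chain overlay follows it on the
# client's behalf.
updateref           ldap://ldap-master.example.com
```

With `mode="self"` the slave asserts the original client's identity to the master, so the master must allow the proxy DN to do that (for example through `authz-policy` and an `authzTo` value on the proxy entry).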