[38722] in Kerberos
Re: KDC with openldap backend, ldap replication, can it chase
daemon@ATHENA.MIT.EDU (Greg Hudson)
Wed Apr 15 00:58:38 2020
To: Andreas Hasenack <andreas@canonical.com>, <kerberos@mit.edu>
From: Greg Hudson <ghudson@mit.edu>
Message-ID: <dee59100-99ae-607b-16f4-80bfa0a3490c@mit.edu>
Date: Wed, 15 Apr 2020 00:54:14 -0400
MIME-Version: 1.0
In-Reply-To: <CANYNYEHaGVyJnf5b=4YWhu9hTPW85Dc9YjC+0e-FD4EyBrtGcA@mail.gmail.com>
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On 4/14/20 3:34 PM, Andreas Hasenack wrote:> Can mit kerberos (1.17 for
the purpose of this conversation) using the
> openldap backend (kldap) chase ldap referrals when it tries to write
> to an openldap replica, which is read-only?
>
> In other words, can I list both the openldap primary and its read-only
> replica in krb5.conf's ldap_servers parameter?
I don't believe we support this. This came up a number of years ago:
https://krbdev.mit.edu/rt/Ticket/Display.html?id=7754
and we haven't written the callback code to do a non-anonymous bind when
chasing a referral.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
