KDC with openldap backend, ldap replication, can it chase referrals?
Greg Hudson
ghudson at mit.edu
Wed Apr 15 00:54:14 EDT 2020
On 4/14/20 3:34 PM, Andreas Hasenack wrote:
> Can mit kerberos (1.17 for the purpose of this conversation) using the
> openldap backend (kldap) chase ldap referrals when it tries to write
> to an openldap replica, which is read-only?
>
> In other words, can I list both the openldap primary and its read-only
> replica in krb5.conf's ldap_servers parameter?
I don't believe we support this. This came up a number of years ago:
https://krbdev.mit.edu/rt/Ticket/Display.html?id=7754
and we haven't written the callback code to do a non-anonymous bind when
chasing a referral.