Hey, my deployment is a multimaster ldap / Kerberos Setup... i made a „Script“ to install it on Debian/ubuntu. You can have it if you want... it is for testing.
Thor Sent from my iPhone > On 2. Feb 2019, at 19:48, Benjamin Kaduk <ka...@mit.edu> wrote: > > LDAP is the only builtin KDC backend that supports multi-master KDCs at > all. (I don't know whether there are any public out-of-tree backends that > do so.) > > So, while you could use the LDAP backend with a single LDAP master and > multiple KDC masters, that master LDAP server would be a SPOF. > > -Ben > >> On Sat, Feb 02, 2019 at 01:45:44PM -0500, Yegui Cai wrote: >> Would it be possible to not leverage ldap for multiple-master deployment? >> >>> On Sat, Feb 2, 2019 at 1:14 PM Benjamin Kaduk <ka...@mit.edu> wrote: >>> >>> Most of the instances I've heard about that use multi-master KDCs also use >>> multi-master LDAP replication, to avoid the SPOF. >>> >>> -Ben >>> >>>> On Sat, Feb 02, 2019 at 11:12:33AM -0500, Yegui Cai wrote: >>>> Hi Thor. >>>> So you have a shared ldap? If so, could that ldap be a single point of >>>> failure? >>>> >>>> Thanks, >>>> Yegui >>>> >>>>> On Sat, Feb 2, 2019 at 11:10 AM t Seeger <tseeger...@gmail.com> wrote: >>>>> >>>>> Hey Yegui, >>>>> >>>>> I use a mutli master setup. For the sync I use openldap. >>>>> >>>>> Greeting Thor >>>>> >>>>> On 2. Feb 2019, at 15:38, Yegui Cai <caiye...@gmail.com> wrote: >>>>> >>>>> Hi all. >>>>> I know the official document recommend master-slave deployment for >>>>> production environment. >>>>> Wonder if any try to do a master-master deployment? If yes, how could >>> you >>>>> sync between two masters? >>>>> Thanks, >>>>> Yegui >>>>> >>>>> ________________________________________________ >>>>> Kerberos mailing list Kerberos@mit.edu >>>>> https://mailman.mit.edu/mailman/listinfo/kerberos >>>>> >>>>> >>>> ________________________________________________ >>>> Kerberos mailing list Kerberos@mit.edu >>>> https://mailman.mit.edu/mailman/listinfo/kerberos >>> ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
