Hey Yegui, You can find the script here https://wp.tntnet.eu/?p=112 There is a very short instruction too. Keep in mind that I m not a ldap or Kerberos expert. ^^
Thor > On 6. Feb 2019, at 03:37, Yegui Cai <caiye...@gmail.com> wrote: > > Hi Thor > Sure. Can I have a copy of it. I am still pretty new to Kerberos. Your script > is definitely helpful. > Thanks a lot! > Yegui > >> On Sat, Feb 2, 2019 at 1:55 PM t Seeger <tseeger...@gmail.com> wrote: >> Hey, >> >> my deployment is a multimaster ldap / Kerberos Setup... i made a „Script“ to >> install it on Debian/ubuntu. You can have it if you want... it is for >> testing. >> >> >> Thor >> >> Sent from my iPhone >> >> > On 2. Feb 2019, at 19:48, Benjamin Kaduk <ka...@mit.edu> wrote: >> > >> > LDAP is the only builtin KDC backend that supports multi-master KDCs at >> > all. (I don't know whether there are any public out-of-tree backends that >> > do so.) >> > >> > So, while you could use the LDAP backend with a single LDAP master and >> > multiple KDC masters, that master LDAP server would be a SPOF. >> > >> > -Ben >> > >> >> On Sat, Feb 02, 2019 at 01:45:44PM -0500, Yegui Cai wrote: >> >> Would it be possible to not leverage ldap for multiple-master deployment? >> >> >> >>> On Sat, Feb 2, 2019 at 1:14 PM Benjamin Kaduk <ka...@mit.edu> wrote: >> >>> >> >>> Most of the instances I've heard about that use multi-master KDCs also >> >>> use >> >>> multi-master LDAP replication, to avoid the SPOF. >> >>> >> >>> -Ben >> >>> >> >>>> On Sat, Feb 02, 2019 at 11:12:33AM -0500, Yegui Cai wrote: >> >>>> Hi Thor. >> >>>> So you have a shared ldap? If so, could that ldap be a single point of >> >>>> failure? >> >>>> >> >>>> Thanks, >> >>>> Yegui >> >>>> >> >>>>> On Sat, Feb 2, 2019 at 11:10 AM t Seeger <tseeger...@gmail.com> wrote: >> >>>>> >> >>>>> Hey Yegui, >> >>>>> >> >>>>> I use a mutli master setup. For the sync I use openldap. >> >>>>> >> >>>>> Greeting Thor >> >>>>> >> >>>>> On 2. Feb 2019, at 15:38, Yegui Cai <caiye...@gmail.com> wrote: >> >>>>> >> >>>>> Hi all. >> >>>>> I know the official document recommend master-slave deployment for >> >>>>> production environment. >> >>>>> Wonder if any try to do a master-master deployment? If yes, how could >> >>> you >> >>>>> sync between two masters? >> >>>>> Thanks, >> >>>>> Yegui >> >>>>> >> >>>>> ________________________________________________ >> >>>>> Kerberos mailing list Kerberos@mit.edu >> >>>>> https://mailman.mit.edu/mailman/listinfo/kerberos >> >>>>> >> >>>>> >> >>>> ________________________________________________ >> >>>> Kerberos mailing list Kerberos@mit.edu >> >>>> https://mailman.mit.edu/mailman/listinfo/kerberos >> >>> ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
