On 4/14/20 3:34 PM, Andreas Hasenack wrote:> Can mit kerberos (1.17 for the purpose of this conversation) using the > openldap backend (kldap) chase ldap referrals when it tries to write > to an openldap replica, which is read-only? > > In other words, can I list both the openldap primary and its read-only > replica in krb5.conf's ldap_servers parameter?
I don't believe we support this. This came up a number of years ago: https://krbdev.mit.edu/rt/Ticket/Display.html?id=7754 and we haven't written the callback code to do a non-anonymous bind when chasing a referral. ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
