[Date Prev][Date Next] [Chronological] [Thread] [Top]

cross-replication, SASL

I was wondering if it was feasible to do "cross-replication"... I had
the idea that let's say I have multiple LDAP servers and they all are
masters, and all are running slurpd, and any change can occur on any
server and replicate completely. From how replication works, I think it
may be able to work. I would have multiple replica statements in
slapd.conf and all use some univeral way of authenicating, let's say via
SASL/GSSAPI. In that case, the binddn of a replica statement for remote
host A is some key that all ldap hosts have access to... I'm not sure
how that would work, exactly. 

Anyway, in general, how would replication (not necessarily
cross-replication) work via SASL/GSSAPI? What keys would
host1.domain.com and host2.domain.com require on each specific keytab? I
would imagine in slapd.conf for host1, we could bind to host2 as
ldap/host2.domain.com. But would host2 have key ldap/host2.mvista.com or
ldap/host1.mvista.com in /etc/krb5.keytab? For host to host
authentication via krb5, I'm a little bit on the clueless side.

Tomas Maly
"IT Freak"
MontaVista Software
(408) 328-8429