[Date Prev][Date Next] [Chronological] [Thread] [Top]

cross-replication, SASL

To: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Subject: cross-replication, SASL
From: Tomas Maly <malyprogservices@flashmail.com>
Date: Mon, 08 Jan 2001 15:59:32 -0800
Cc: openldap-software <openldap-software@OpenLDAP.org>
References: <5.0.2.1.0.20010108152048.00a5cae0@router.boolean.net>

I was wondering if it was feasible to do "cross-replication"... I had
the idea that let's say I have multiple LDAP servers and they all are
masters, and all are running slurpd, and any change can occur on any
server and replicate completely. From how replication works, I think it
may be able to work. I would have multiple replica statements in
slapd.conf and all use some univeral way of authenicating, let's say via
SASL/GSSAPI. In that case, the binddn of a replica statement for remote
host A is some key that all ldap hosts have access to... I'm not sure
how that would work, exactly. 

Anyway, in general, how would replication (not necessarily
cross-replication) work via SASL/GSSAPI? What keys would
host1.domain.com and host2.domain.com require on each specific keytab? I
would imagine in slapd.conf for host1, we could bind to host2 as
ldap/host2.domain.com. But would host2 have key ldap/host2.mvista.com or
ldap/host1.mvista.com in /etc/krb5.keytab? For host to host
authentication via krb5, I'm a little bit on the clueless side.

--
Tomas Maly
"IT Freak"
MontaVista Software
(408) 328-8429
tmaly@mvista.com

Follow-Ups:
- Re: cross-replication, SASL
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

References:
- Re: failover
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: Re: Monitoring OpenLDAP 1.2
Next by Date: Re: cross-replication, SASL
Index(es):
- Chronological
- Thread