[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP replication using GSSAPI for slave server auth



Matt-

I think I see what you're getting at. The k5start tool looks extremely cool and I think I'll use that. Can I skip using SASL to use this method of authentication? Or do I still need something like:

bindmethod=sasl saslmech=GSSAPI

in my syncrepl entry in slapd.conf?

Also, if I use SyncRep can I skip all the stuff about setting up replication with slurpd? That would be very nice as that slurpd stuff looked kind of sticky.

Sorry about the probably basic questions, I'm kind of new to this stuff and am picking it up on the way.... :)

ciao, erich

Matthew J. Smith wrote:
Erich-

  You will need to use the keytab to fetch a TGT for the user account
under which the OpenLDAP server is running.  Either a cron-job running
kinit, or k5start (first Google hit:
http://www.eyrie.org/~eagle/software/kstart/k5start.html ) should do the
trick.  Assuming you are using SyncRepl, you will need to do this on
each slave LDAP server.

HTH,
-Matt