[36304] in Kerberos
RE: Replicated LDAP as backend
daemon@ATHENA.MIT.EDU (Paul B. Henson)
Tue Jul 29 16:42:20 2014
From: "Paul B. Henson" <henson@acm.org>
To: <kerberos@mit.edu>
In-Reply-To: <1406295631.32174.1.camel@vikktakkht.kf8nh.com>
Date: Tue, 29 Jul 2014 13:41:58 -0700
Message-ID: <1fee01cfab6d$8d4666e0$a7d334a0$@acm.org>
MIME-Version: 1.0
Content-Language: en-us
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
> From: Brandon Allbery
> Sent: Friday, July 25, 2014 6:41 AM
>
> Multi-master replication works fine, and is arguably the only sensible
> reason to use the LDAP backend in the first place --- it's slower and
> more painful to manage compared to the standard backend.
We've been running multi master on top of openldap for a few years now, and
it works great. We have kadmin behind a hardware load balancer, which
automatically transitions clients to one of the secondary servers if the
master fails.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos