I have been able to configure replication by using SASL-GSSAPI in my Realm.
However, I share my openldap directory with all sites of my company. Each
site has its own realm so this brings some dificulties when configuring
For now, I am just considering 2 realms (MIT-Kerberos):
The master slapd is on realm A.BASE.COM and the slave is on B.BASE.COM.
Each kerberos KDC trusts the other.
I know that I am missing the following steps:
0- kadmin -q "ank -randkey ldap/slave.base.com"
0.1- kadmin -q "ktadd ldap/slave.base.com"
but I don´t know in wich Realm I should create the slave. Can one machine
have services in two realms? Can I have in the same keytab services key for
I have been working for two weeks on this without success. Has anyone have
ever done something like this?
Do I need to *create a BASE.COM realm* to put the ldap servers?