Bug 12218

Summary: OpenLDAP Multi-Master Replication
Product: Infrastructure
Reporter: Michael Tremer <michael.tremer>
Component: ---
Assignee: Michael Tremer <michael.tremer>
Status: CLOSED FIXED
QA Contact:
Severity: Crash
Priority: Will affect all users
CC: peter.mueller
Version: unspecified
Hardware: unspecified
OS: Unspecified

Description Michael Tremer 2019-10-24 15:19:13 UTC
I tried setting this up today, but no luck. I wasted hours and hours on this.

The TLS connection between auth01 and auth02 comes up now, but there is no Kerberos authentication happening between the two hosts. I do not have any further debug information apart from a SASL error message and that is it.
Comment 1 Peter Müller 2020-12-07 21:18:30 UTC
https://wiki.ipfire.org/devel/telco/2020-12-07

This seems to cause _major_ infrastructure hiccups any time Debian ships an LDAP update requiring a reboot afterwards.
Comment 2 Michael Tremer 2021-10-22 17:57:01 UTC
I consider this to be solved now.

I set up the second LDAP/Kerberos server which is running on a different hardware host.

Most applications will continue using the first server (which won't be a problem with the little load that we have at the moment) and will fall back to the other one in case they need to.

Both are writable and replicate all changes to each other.