Extra complexity for no benefit?

The load on the LDAP server is likely to be higher than the load on the
KDC, so spreading the load of the KDCs isn't going to change anything
unless one of your KDCs is really, really slow. If you want
redundancy, I would maybe consider making slave replicas of the LDAP
database on the KDC machines, and pointing the KDCs at the local replica,
followed by the other two.


> Could someone review this setup, and provide some
> feedback?
> I am using an ldap backend, with a primary and
> secondary kdc pointing to the same ldap server (only
> the primary runs kadmind). Both the primary and the
> secondary can affect the database. I'm wondering if
> there are any reasons why I wouldn't want to do this
> in a production environment.
> Thanks in advance!
> Steve