diff --git a/lib/hdb/hdb-ldap.c b/lib/hdb/hdb-ldap.c
index 9b92905be..9d191c9cf 100644
--- a/lib/hdb/hdb-ldap.c
+++ b/lib/hdb/hdb-ldap.c
@@ -2002,7 +2002,7 @@ hdb_ldap_common(krb5_context context,
 (*db)->hdb_master_key_set = 0;
 (*db)->hdb_openp = 0;
- (*db)->hdb_capability_flags = 0;
+ (*db)->hdb_capability_flags = HDB_CAP_F_SHARED_DIRECTORY;
 (*db)->hdb_open = LDAP_open;
 (*db)->hdb_close = LDAP_close;
 (*db)->hdb_fetch_kvno = LDAP_fetch_kvno;
diff --git a/lib/hdb/hdb.h b/lib/hdb/hdb.h
index e67a4e062..c1654a170 100644
--- a/lib/hdb/hdb.h
+++ b/lib/hdb/hdb.h
@@ -71,6 +71,7 @@ enum hdb_lockop{ HDB_RLOCK, HDB_WLOCK };
 #define HDB_CAP_F_HANDLE_ENTERPRISE_PRINCIPAL 1
 #define HDB_CAP_F_HANDLE_PASSWORDS 2
 #define HDB_CAP_F_PASSWORD_UPDATE_KEYS 4
+#define HDB_CAP_F_SHARED_DIRECTORY 8
 /* auth status values */
 #define HDB_AUTH_SUCCESS 0
diff --git a/lib/kadm5/log.c b/lib/kadm5/log.c
index 31127d413..94fc85fec 100644
--- a/lib/kadm5/log.c
+++ b/lib/kadm5/log.c
@@ -1719,7 +1719,12 @@ recover_replay(kadm5_server_context *context,
 /* We're at the start of the payload; compute end of entry offset */
 off = krb5_storage_seek(sp, 0, SEEK_CUR) + len + LOG_TRAILER_SZ;
- ret = kadm5_log_replay(context, op, ver, len, sp);
+ /* We cannot perform log recovery on LDAP and such backends */
+ if (data->mode == kadm_recover_replay &&
+ (context->db->hdb_capability_flags & HDB_CAP_F_SHARED_DIRECTORY))
+ ret = 0;
+ else
+ ret = kadm5_log_replay(context, op, ver, len, sp);
 switch (ret) {
 case HDB_ERR_NOENTRY:
 case HDB_ERR_EXISTS:
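Review bot: `HDB_CAP_F_SHARED_DIRECTORY` in lib/hdb/hdb.h is added with no statement of what a backend asserts by setting it, yet in this diff it decides whether kadm5 log recovery replays entries at all. A trailing comment would keep backend authors from setting or omitting it by guesswork, for example `#define HDB_CAP_F_SHARED_DIRECTORY 8 /* store is shared with other writers; kadm5 log recovery does not replay into it */`, with the exact wording confirmed by the author. Only hdb-ldap.c sets the flag in the visible hunks; whether other non-local backends need it cannot be judged from here.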
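Review bot: In lib/kadm5/log.c the skipped replay is reported as `ret = 0`, the same value a successful `kadm5_log_replay` returns, so the `switch (ret)` that follows cannot distinguish an entry that was applied from one that never reached the directory. If the code after the switch (outside this hunk; `recover_replay` starts and ends beyond it) then treats the entry as confirmed, a logged but unapplied key change or principal deletion would be dropped without any trace. A warning emitted once per recovery when this branch is taken would leave an audit trail, e.g. `krb5_warnx(context->context, "skipping kadm5 log replay: shared-directory HDB backend");`. The comment should also say why replay is unsafe, presumably because other writers may have changed the entry since, rather than only that it "cannot" be done. The unbraced `if`/`else` spanning a two-line condition would also be safer with braces.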