[Freeipa-users] Replication for sites not using FreeIPA for DNS?

Stephen Gallagher sgallagh at redhat.com
Wed Jan 18 19:08:24 UTC 2012


On Wed, 2012-01-18 at 12:17 -0500, Ian Levesque wrote:
> Hello,
> 
> I'm running IPA version 2.1.3-9 on RHEL 6.2 and just configured
> master/master replication. From what I can tell in the documentation
> [1], all of the client-discovering-a-replica magic happens via SRV
> records in DNS. This is quite different from what I'm used to, coming
> from managing an Open Directory service in which the replicated
> server's FQDN is passed on to the client through LDAP as an additional
> LDAP/KDC server to add to the client's local config.
> 
> My question is how can I take advantage of replication if we're not
> using the FreeIPA-blessed DNS server? Do I need to manually tweak the
> SSSD config to make it aware of a second LDAP/KDC server? Is there a
> hidden flag I can pass ipa-client-install to do this for me?


In addition to Dmitri's comments (and mine in the "Forcing IPA clients
to prioritise different IPA Servers" thread) you should be aware that
just because you're not using FreeIPA as the DNS server, it doesn't mean
that you can't use SRV records to solve this problem.

The SRV records are looked up on whatever DNS server is configured
in /etc/resolv.conf. So if you ask your DNS administrator to add SRV
records for your FreeIPA replicas, you can still continue this way.

Otherwise, your best bet is to edit the sssd.conf directly (for now; as
Dmitri says, we're looking at other approaches for future FreeIPA
releases).
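The two routes Stephen describes, spelled out as an added example (this is not code from the thread, from FreeIPA or from SSSD): the SRV record set to hand to an external DNS administrator, a check that every replica is present under every service name, the ordering a client applies to those records per RFC 2782, and the explicit `ipa_server` line for sssd.conf when no SRV records exist. The domain and hostnames are made up; the list of service names is what FreeIPA registers for its own servers as I remember it, and the `_srv_` token in SSSD's `ipa_server` option is from the SSSD documentation, so both are stated here as assumptions to confirm against your version.

```python
"""Added example: SRV records for FreeIPA replicas in an external DNS zone,
a completeness check, RFC 2782 client ordering, and the sssd.conf fallback.
Domain and hostnames are constructed for illustration."""
import random
from collections import defaultdict

# Constructed data: two replicas of a hypothetical IPA domain.
DOMAIN = "ipa.example.test"
REPLICAS = [
    # (target hostname, priority, weight): clients try the lowest priority
    # first and split load by weight within one priority.
    ("ipa1.ipa.example.test.", 0, 100),
    ("ipa2.ipa.example.test.", 0, 100),
]

# Service names an IPA server is registered under in its own DNS (assumption
# from memory; confirm with `ipa dnsrecord-find <zone>` on a master).
SRV_SERVICES = [
    ("_ldap._tcp", 389),
    ("_kerberos._tcp", 88),
    ("_kerberos._udp", 88),
    ("_kerberos-master._tcp", 88),
    ("_kerberos-master._udp", 88),
    ("_kpasswd._tcp", 464),
    ("_kpasswd._udp", 464),
]


def srv_records(domain, replicas, services=SRV_SERVICES, ttl=86400):
    """Zone-file lines for a BIND-style external DNS: one SRV per (service, replica)."""
    return [
        f"{svc}.{domain}. {ttl} IN SRV {prio} {weight} {port} {host}"
        for svc, port in services
        for host, prio, weight in replicas
    ]


def parse_srv_line(line):
    """Split one zone line back into (owner name, priority, weight, port, target)."""
    name, _ttl, _cls, _rtype, prio, weight, port, target = line.split()
    return name, int(prio), int(weight), int(port), target


def missing_srv(lines, domain, replicas, services=SRV_SERVICES):
    """(service, host) pairs with no SRV record. A replica missing, say,
    _kpasswd._tcp is still found for LDAP but not for password changes: the
    half-working state a hand-maintained zone tends to drift into."""
    present = set()
    for line in lines:
        name, _prio, _weight, _port, target = parse_srv_line(line)
        present.add((name, target))
    return [
        (svc, host)
        for svc, _port in services
        for host, _prio, _weight in replicas
        if (f"{svc}.{domain}.", host) not in present
    ]


def order_srv(records, seed=None):
    """Order SRV targets as an RFC 2782 client does: ascending priority, then a
    weighted random draw within each priority (zero-weight entries listed first
    so they are picked only rarely). records: (priority, weight, port, target)."""
    rng = random.Random(seed)
    by_prio = defaultdict(list)
    for prio, weight, port, target in records:
        by_prio[prio].append((weight, port, target))
    ordered = []
    for prio in sorted(by_prio):
        group = sorted(by_prio[prio], key=lambda r: r[0] != 0)  # zero weights first
        while group:
            pick = rng.randint(0, sum(w for w, _, _ in group))
            running = 0
            for i, (weight, port, target) in enumerate(group):
                running += weight
                if running >= pick:
                    ordered.append((prio, weight, port, target))
                    del group[i]
                    break
    return ordered


def sssd_ipa_server_line(replicas):
    """The [domain/...] line for sssd.conf when DNS carries no SRV records:
    servers named explicitly, with _srv_ last so SRV discovery still applies
    wherever it does work (assumption: SSSD's documented _srv_ token)."""
    return "ipa_server = " + ", ".join(h.rstrip(".") for h, _, _ in replicas) + ", _srv_"


if __name__ == "__main__":
    zone = srv_records(DOMAIN, REPLICAS)
    print("\n".join(zone))
    print("missing:", missing_srv(zone, DOMAIN, REPLICAS))
    print(sssd_ipa_server_line(REPLICAS))
```

Once the records are in the zone, `dig SRV _ldap._tcp.ipa.example.test` from a client shows whether its configured resolver actually returns them. Note that this makes the resolver in /etc/resolv.conf security-relevant: whatever answers those SRV queries decides which hosts the client treats as its LDAP server and KDC, so it deserves the same trust you would give the IPA servers themselves.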