[Freeipa-users] SSSD in redundant configuration
Jan Pazdziora
jpazdziora at redhat.com
Fri Mar 20 10:06:04 UTC 2015
On Wed, Mar 18, 2015 at 01:11:44PM -0400, Rob Crittenden wrote:
> On Wed, Mar 18, 2015 at 17:40:19 +0100, Andrew Holway wrote:
> >
> > Im wondering how we should be handing SSSD for redundant configurations
> > on our freeipa clients. We have three freeipa servers; how can we make
> > SSSD check another freeipa in the event that one goes down?
> >
> > [...]
> >
> > ipa_server = _srv_, test-freeipa-2.cloud.domain.de
>
> _srv_ tells SSSD to check DNS for SRV records. The trailing server gives
> it a hardcoded fallback in case DNS fails for some reason. Their current
> configuration is correct.
However, it does not set priority for the preferred IPA server which
can be useful if they are in different geos and by default you want
the traffic to go to the local server. In that case
ipa_server = test-freeipa-2.cloud.domain.de, _srv_
might actually be preferred.
--
Jan Pazdziora
Principal Software Engineer, Identity Management Engineering, Red Hat
More information about the Freeipa-users
mailing list