If your application is able to check SRV records, you can definitely use that. If your client follows the spec (RFC 2782), it will try each of the returned records and will distribute queries evenly according to the weight specified in the records. Many systems will allow you to have a list of LDAP servers (for example, in PHP, you literally list them in a space-separated string). For clients that really only support a single host, we run a frontend proxy on our HAProxy servers that will forward requests to one of our IPA servers.

- Y

Sent from a device with a very small keyboard and hyperactive autocorrect.

On Thu, Mar 18, 2021, 10:11 AM Kees Bakker via FreeIPA-users <freeipa-users@lists.fedorahosted.org> wrote:

Hi,

We have FreeIPA with three masters. To get to the LDAP server
we can use either of the three. To configure a service you must
come up with a FQDN for the LDAP server. Until now we have
simply selected one of the three. But that's not very convenient
because we want to do maintenance on that IPA master.

What possibilities are there to have something that switches
automatically to another server? How is the SRV _ldap._tcp record
used?
--
Kees
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure