I have setup a pair of FreeIPA 4.5.2 servers. One via
ipa-server-install, the other via ipa-replica-install. I have tried them
both as trust controllers and I have tried them in a controller/agent setup.
My problem is that no AD users can login to the self service UI on the
secondary IPA server. Is this by design, or is it merely a bug? I can
provide more details/logs/configs on request.