It would be greatly helpful to indicate that the first available backup
server is chosen even when the active server is another backup server.
On Sep 22, 2014 6:46 PM, "Dmitri Pal" <dpal(a)redhat.com> wrote:
On 09/22/2014 08:34 PM, Daniel Jung wrote:
LDAP and using explicit failover
[domain/LDAP]
id_provider = ldap
auth_provider = ldap
ldap_schema = rfc2307
ldap_uri = ldap://ldapserver-1
ldap_backup_uri = ldap://ldapserver-2,ldap://ldapserver-3,ldap://ldapserver-4
ldap_rfc2307_fallback_to_local_users = true
ldap_search_base = dc=Somedomain,dc=com
ldap_user_search_base = ou=People,dc=Somedomain,dc=com
ldap_group_search_base = ou=Group,dc=Somedomain,dc=com
ldap_tls_reqcert = demand
ldap_tls_cacert = /etc/openldap/cacerts/cacert.pem
cache_credentials = true
entry_cache_timeout = 600
enumerate = False
min_id = 100
ldap_network_timeout = 2
ldap_search_timeout = 5
debug_level = 0x0070
debug_microseconds = true
My test is as follows:
I blocked the client's IP on port 389 (using iptables) on ldapserver-1 and
ldapserver-2, at which time the client connected to ldapserver-3. I unblocked
the client's IP on ldapserver-2 and I see that sssd connects to ldapserver-2.
Logic is:
Prefer primary, if not available go to a first available backup server.
If you do:
block the client's IP on port 389 (using iptables) on ldapserver-1 and
ldapserver-2, at which time the client would connect to ldapserver-3. Unblock
the client's IP on ldapserver-1 and ldapserver-2 and I see that sssd
connects to ldapserver-1
Thanks
On Mon, Sep 22, 2014 at 4:57 PM, Dmitri Pal <dpal(a)redhat.com> wrote:
> On 09/22/2014 07:14 PM, Daniel Jung wrote:
>
> Hi,
>
> from sssd-ldap,
> "After this timeout SSSD will periodically try to reconnect to one of the
> primary servers. If it succeeds, it will replace the current active
> (backup) server."
>
> I am seeing that reconnect is made to other backup servers and not just
> to primary servers. Quick search on the tickets on backup server didn't find
> anything. Was this already fixed in the recent version or is this wanted
> behaviour?
>
> Running 1.9.2.11 on centos 6.5.
>
> Thanks
>
>
> _______________________________________________
> sssd-users mailing list
> sssd-users@lists.fedorahosted.org
> https://lists.fedorahosted.org/mailman/listinfo/sssd-users
>
>
> What back end are you using? IPA, AD, basic LDAP?
> Do you configure failover explicitly or use DNS discovery?
>
> A sanitized sssd.conf would help to answer this.
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager IdM portfolio
> Red Hat, Inc.
>
>
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
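
Added example, not part of the original thread and not SSSD code: a small Python model of the selection rule as stated above ("prefer primary, if not available go to a first available backup server"), replaying the two iptables tests against the failover lines of the posted sssd.conf. The function names are hypothetical, the config text is a constructed sample, and reconnection timers are not modelled.

```python
import configparser

# Constructed sample: the failover lines of the sssd.conf quoted in the thread.
SAMPLE_CONF = """
[domain/LDAP]
ldap_uri = ldap://ldapserver-1
ldap_backup_uri = ldap://ldapserver-2,ldap://ldapserver-3,ldap://ldapserver-4
"""


def failover_lists(conf_text, domain="LDAP"):
    """Return (primaries, backups) as ordered URI lists for one domain."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(conf_text)
    section = parser["domain/" + domain]

    def split(value):
        return [uri.strip() for uri in value.split(",") if uri.strip()]

    return split(section.get("ldap_uri", "")), split(section.get("ldap_backup_uri", ""))


def pick_server(primaries, backups, reachable):
    """Rule as stated in the thread: a primary if reachable, else the
    first reachable backup in list order (an assumption of this model)."""
    for uri in primaries + backups:
        if uri in reachable:
            return uri
    return None  # nothing reachable


def replay(conf_text, blocked_per_step):
    """For each step (a list of blocked URIs), return the server the model selects."""
    primaries, backups = failover_lists(conf_text)
    everything = set(primaries + backups)
    return [pick_server(primaries, backups, everything - set(blocked))
            for blocked in blocked_per_step]


if __name__ == "__main__":
    s1, s2 = "ldap://ldapserver-1", "ldap://ldapserver-2"
    print("test 1:", replay(SAMPLE_CONF, [[s1, s2], [s1]]))  # unblock ldapserver-2 only
    print("test 2:", replay(SAMPLE_CONF, [[s1, s2], []]))    # unblock both
```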