It would be greatly helpful to indicate that the first available backup server is chosen even when the active server is another backup server.
On 09/22/2014 08:34 PM, Daniel Jung wrote:
LDAP and using explicit failover
[domain/LDAP]
id_provider = ldap
auth_provider = ldap
ldap_schema = rfc2307
ldap_uri = ldap://ldapserver-1
ldap_backup_uri = ldap://ldapserver-2,ldap://ldapserver-3,ldap://ldapserver-4
ldap_rfc2307_fallback_to_local_users = true
ldap_search_base = dc=Somedomain,dc=com
ldap_user_search_base = ou=People,dc=Somedomain,dc=com
ldap_group_search_base = ou=Group,dc=Somedomain,dc=com
ldap_tls_reqcert = demand
ldap_tls_cacert = /etc/openldap/cacerts/cacert.pem
cache_credentials = true
entry_cache_timeout = 600
enumerate = False
min_id = 100
ldap_network_timeout = 2
ldap_search_timeout = 5
debug_level = 0x0070
debug_microseconds = true
My test is as follows: I blocked the client's IP on port 389 (using iptables) on ldapserver-1 and ldapserver-2, at which time the client connected to ldapserver-3. I unblocked the client's IP on ldapserver-2 and I see that sssd connects to ldapserver-2.
Logic is:
Prefer primary; if not available, go to the first available backup server.
If you do:
Block the client's IP on port 389 (using iptables) on ldapserver-1 and ldapserver-2, at which time the client would connect to ldapserver-3. Unblock the client's IP on ldapserver-1 and ldapserver-2 and I see that sssd connects to ldapserver-1.
Thanks
On Mon, Sep 22, 2014 at 4:57 PM, Dmitri Pal <dpal@redhat.com> wrote:
On 09/22/2014 07:14 PM, Daniel Jung wrote:
Hi,
From sssd-ldap: "After this timeout SSSD will periodically try to reconnect to one of the primary servers. If it succeeds, it will replace the current active (backup) server."
I am seeing that the reconnect is made to other backup servers and not just to primary servers. A quick search of the tickets on backup servers didn't find anything. Was this already fixed in a recent version, or is this the wanted behaviour?
Running 1.9.2.11 on CentOS 6.5.
Thanks
_______________________________________________ sssd-users mailing list sssd-users@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users
What back end are you using? IPA, AD, basic LDAP?
Do you configure failover explicitly or use DNS discovery?
A sanitized sssd.conf would help to answer this.
-- Thank you, Dmitri Pal Sr. Engineering Manager IdM portfolio Red Hat, Inc.
-- Thank you, Dmitri Pal Sr. Engineering Manager IdM portfolio Red Hat, Inc.
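
The two reconnect policies this thread contrasts, modelled in Python as an added example; it is not SSSD code and not part of any message above. The function names and the reachability sets are assumptions, constructed to mirror the iptables tests described in the thread.

```python
import configparser

# Failover keys copied from the sssd.conf posted in the thread.
SSSD_CONF = """\
[domain/LDAP]
ldap_uri = ldap://ldapserver-1
ldap_backup_uri = ldap://ldapserver-2,ldap://ldapserver-3,ldap://ldapserver-4
"""

def load_servers(text, section="domain/LDAP"):
    """Return (primary, backup) URI lists in configured priority order."""
    cp = configparser.ConfigParser()
    cp.read_string(text)
    def split(value):
        return [u.strip() for u in value.split(",") if u.strip()]
    sec = cp[section]
    return split(sec["ldap_uri"]), split(sec.get("ldap_backup_uri", fallback=""))

def first_reachable(servers, reachable):
    return next((s for s in servers if s in reachable), None)

def retry_observed(primary, backup, active, reachable):
    """Model of the behaviour reported in the thread: the periodic retry takes
    the first reachable server in primary-then-backup order, even if that
    server is another backup."""
    return first_reachable(primary + backup, reachable)

def retry_primary_only(primary, backup, active, reachable):
    """Model of a literal reading of the quoted sssd-ldap text: only a primary
    replaces a working active server; backups are used when it is lost."""
    return (first_reachable(primary, reachable)
            or (active if active in reachable else None)
            or first_reachable(backup, reachable))

def replay():
    """Run both policies through the thread's block/unblock sequence."""
    primary, backup = load_servers(SSSD_CONF)
    s1, s2, s3, s4 = primary + backup
    # Constructed reachability sets mirroring the iptables tests in the thread.
    steps = [("block 1 and 2", {s3, s4}),
             ("unblock 2", {s2, s3, s4}),
             ("unblock 1 and 2", {s1, s2, s3, s4})]
    rows = []
    for policy in (retry_observed, retry_primary_only):
        active = s1
        for label, reachable in steps:
            active = policy(primary, backup, active, reachable)
            rows.append((policy.__name__, label, active))
    return rows
```

The two models differ only at the "unblock 2" step, which is the case the thread asks to have documented.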