Hi list,

I have following design problem  regarding the primary  LDAP server reconnect timeout value:
from time to time we need to recreate the DB's of the primary ldap server via sync repl. Therefor we are stopping the primary LDAP,
deleting it's db files and starting it again.

The sssd client behaves as expected:

The problem here is - the primary is still not ready with its sync replication such the sss client  connects to the primary,  gets negativ
results about user, group information and returns with failing authentication responses to ssh attempts and other authentication requests.

We are searching for an  option to either let the client further connect to the  ldap backup server even if the primary LDAP server came back 
or to set a static timeout (e.g. 5 minutes) after which the client should reconnect to the primary LDAP server. 

Any idea how to accomplish this?
I already thought about setting a temporary firewall rule on the primary LDAP server.
But I would rather like to have an option on the client sides to bypass this problem.