I have tried using SSSD to switch between ldap provider and consumer.
I have:
ldap_uri = provider.example.com
ldap_backup_uri = consumer.example.com
It works fine, until I stop the provider to see if the clients will look at the consumer. They don't.
I set ldap_uri = consume.example.com and clear the cache both via sss_cache -E and deleting all the files in /var/lib/sss/db and restart sssd.
Even though it starts fine, I have ldap_uri = provider.example.com inside the journalctl -xe file and complains that can not contact the ldapserver., which is intentionally switched off. Looks like ldap_uri is hard coded some where the first time it is set.
I have opened a bug report, but no replies to it at the moment. This is the link for the bug report in case anyone is interested.
Am Mon, 18 Jul 2016 16:03:22 +0000 schrieb Kaveh Ehsani kee2006@med.cornell.edu:
I have tried using SSSD to switch between ldap provider and consumer.
I have:
ldap_uri = provider.example.com
ldap_backup_uri = consumer.example.com
It works fine, until I stop the provider to see if the clients will look at the consumer. They don't.
[...]
sssd is not the best solution for load balancing. You may run sssd(8) in debugging mode in order to get more information.
-Dieter
Dieter Klünter wrote:
Am Mon, 18 Jul 2016 16:03:22 +0000 schrieb Kaveh Ehsani kee2006@med.cornell.edu:
I have tried using SSSD to switch between ldap provider and consumer.
I have:
ldap_uri = provider.example.com
ldap_backup_uri = consumer.example.com
It works fine, until I stop the provider to see if the clients will look at the consumer. They don't.
[...]
sssd is not the best solution for load balancing. You may run sssd(8) in debugging mode in order to get more information.
sssd could be blamed for lots of subtle bugs. But fail-over works with sssd 1.9+ reasonable well even with stupid DNS round-robin.
The original poster did not provide any useful information at all. So it's impossible to give a meaningful answer.
https://fedorahosted.org/sssd/wiki/Troubleshooting
Also this question is surely better asked on sssd-users mailing list.
Ciao, Michael.
openldap-technical@openldap.org
-
Dieter Klünter -
Kaveh Ehsani -
Michael Ströder