I have tried using SSSD to switch between ldap provider and consumer. I have: ldap_uri = provider.example.com ldap_backup_uri = consumer.example.com It works fine, until I stop the provider to see if the clients will look at the consumer. They don't. I set ldap_uri = consume.example.com and clear the cache both via sss_cache -E and deleting all the files in /var/lib/sss/db and restart sssd. Even though it starts fine, I have ldap_uri = provider.example.com inside the journalctl -xe file and complains that can not contact the ldapserver., which is intentionally switched off. Looks like ldap_uri is hard coded some where the first time it is set. I have opened a bug report, but no replies to it at the moment. This is the link for the bug report in case anyone is interested. https://bugs.centos.org/view.php?id=11174