> > If you do a local login instead of a kinit, you will see that SSSD will > switch to the new server and subsequent kinit will start using it. >
Ok, I checked and it works just fine for me, thanks. This dynamic discovery of freeipa servers by sssd is very elegant and smart; but I still do not understand how do you automatically switch to a replica (ipa2) if your master (ipa1) is down in some cases: - to access the freeipa web ui. You have to use an url, e.g. https://ipa1.example.com If ipa1 is down, how do you know which url to use ? - if you have other web apps that authenticate against the freeIPA LDAP server. Usually you have to provide a ldap url in the web app configuration, e.g. ldap://ipa1.example.com. What happens when ipa1 is down ? Karl > This is tracked here: > https://fedorahosted.org/sssd/ticket/941 > > Simo. > > -- > Simo Sorce * Red Hat, Inc * New York > >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
