Martin Basti wrote:

IPA uses SRV records for failover to another replica/LDAP.

I don't know how it works on MACs, but in case that there is no
possibility to use SRV, you may need to file a RFE ticket

Agreed, SRV records are the preferred mechanism. I was curious though so played with this a bit and it is possible to add altServer values:

$ ldapmodify -x -D 'cn=directory manager' -W
Enter LDAP Password:
changetype: modify
add: altServer
altServer: ldap://

modifying entry ""

$ ldapsearch -LLL -x -b "" -s base altServer
altServer: ldap://

My test rig is a single master so I don't know if this replicates or not.



On 19.05.2016 17:43, Guillermo Fuentes wrote:
Hello all,

As OS X allows LDAP server failover via the altServer attribute
(RFC4512) from RootDSE, it would be great to be able to configure our
Macs to connect to a single FreeIPA server and add other FreeIPA
servers as multiple altServer values.
The current schema doesn't seem to support adding this attribute.
Can this be done in a way I'm missing?

Thanks in advance!


561-880-2998 x1337 <>

[ Modernizing Medicine ] <>
[ Facebook ] <>                [
LinkedIn ] <>              
YouTube ] <>               [
Twitter ] <>                [ Blog ]
<>             [ Instagram ]

Manage your subscription for the Freeipa-users mailing list:
Go to for more info on the project

Reply via email to