Hello everyone,

I use sssd to authenticate users on Red Hat boxes, as a layer between pam and my ldap servers.
User ldap accounts are announced by 3 replicated (open)ldap servers. I have declared my 3 servers in sssd.conf:

ldap_uri: ldap://ldap1.example.fr,ldap://ldap2.example.fr,ldap://ldap3.example.fr

That works, but I would now like to better tune the sssd failover and cache functions offered by sssd, and I'm a bit stuck.

Questions:

1- About the failover mechanism, I read in the sssd-ldap man page:

"If the resolution attempt succeeds, the back end tries to connect to a service on this machine. If the service connection attempt fails, then only this particular service is considered offline and the back end automatically switches over to the next service."

Is there any way to tune the "timeout" after which the backend considers that the attempt to connect to a server has failed and therefore that it's time to try the next one?

2- I'm a bit stuck configuring the behaviour of the boxes with regard to the sssd cache (in other words, I have not perfectly understood under which conditions sssd returns cached information rather than querying ldap, and how to tune that).

Intuitively, I would like the sssd cache for an entry to be returned rather than querying ldap if:
-> the cache was "recently" refreshed for that entry (not sure what I should mean by "recently")
-> no ldap server responds (I suspect that this would be tuned with "ldap_search_timeout"?)

Any help from anyone?

Thanks,

---
Olivier

_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel