Dimitry, > Right now, no. > And we do not have something like this in plans. > The simplest solution is to put one of the LDAP servers into the cluster. > If you can't do that then you are stuck with what you have now.
OK. > Potentially what you want is to be able to generate SSSD cache db on one > system > and copy it around. > There is no such functionality and the problem with building one is creating > password hashes in such database in bulk (requires passwords in clear which > is a > nonstarter). When users log in one by one passwords can be captured and hashed > for further use. It is hard to do in bulk. I've thought of that, but although I will be using SSSD, it looks quite tricky and less robust than simply copying /etc files around. Jakub, > Would a readonly replica mitigate your security concern? Not entirely. And it would take time to validate this kind of setup in my situation. I think I've got all the elements now to make an educated choice, that's all I wanted. Thank you everybody for your answers. Jean-Baptiste _______________________________________________ sssd-users mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/sssd-users
