Show Table of Contents
13.2.23. Creating Domains: Primary Server and Backup Servers
Identity and authentication providers for a domain can be configured for automatic failover. SSSD attempts to connect to the specified, primary server first. If that server cannot be reached, then SSSD then goes through the listed backup servers, in order.
Note
SSSD tries to connect to the primary server every 30 seconds, until the connection can be re-established, and then switches from the backup to the primary.
All of the major service areas have optional settings for primary and backup servers[3].
Table 13.11. Primary and Secondary Server Parameters
| Service Area | Primary Server Attribute | Backup Server Attribute |
|---|---|---|
| LDAP identity provider | ldap_uri | ldap_backup_uri |
| Active Directory identity provider | ad_server | ad_backup_server |
| Identity Management (IdM or IPA) identity provider | ipa_server | ipa_backup_server |
| Kerberos authentication provider | krb5_server | krb5_backup_server |
| Kerberos authentication provider | krb5_server | krb5_backup_server |
| Password change provider | ldap_chpass_uri | ldap_chpass_backup_uri |
One and only one server can be set as the primary server. (And, optionally, the primary server can be set to service discovery, using
_srv_ rather than a host name.) Multiple backup servers can be set, in a comma-separated list. The backup server list is in order of preference, so the first server listed is tried first.
[domain/EXAMPLE] id_provider = ad ad_server = ad.example.com ad_backup_server = ad1.example.com, ad-backup.example.com
[3]
Most services default to the identity provider server if a specific server for that service is not set.
Where did the comment section go?
Red Hat's documentation publication system recently went through an upgrade to enable speedier, more mobile-friendly content. We decided to re-evaluate our commenting platform to ensure that it meets your expectations and serves as an optimal feedback mechanism. During this redesign, we invite your input on providing feedback on Red Hat documentation via the discussion platform.