When more than one ldap servers are mentioned in sssd, How much times does sssd take to failover to next working ldap server

Solution Unverified - Updated -

Environment

  • Red Hat Enterprise Linux 6.3

Issue

  • When more than one ldap servers are mentioned in sssd, How much times does sssd take to failover to next working ldap server
  • Is there any way we can shorten the time of the failover to the secondary LDAP server in sssd ?

Resolution

  • The time to failover to secondary ldap server is very difficult to tell as it depends on nature of failure. If the server is refusing connections, we'll detect that pretty much instantly. If the ipaddress is reachable, but service is down for maintainance, then we have ldap_search_timeout, ldap_network_timeout, ldap_opt_timeout

  • Also when a particular ldap server is down, we mark this down for 30 seconds, so that sssd doesn't keep trying for the same server. We retry only after 30 seconds.

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.