Configuring Failover

Configuring failover allows SSSD to switch automatically to a different server if the primary server fails. These servers are entered as a case-insensitive, comma-separated list in the [domain/Name] sections of the /etc/sssd/sssd.conf file. The servers are listed in order of preference. This list can contain any number of servers.

For example, for a native LDAP domain:

ldap_uri = ldap://ldap0.example.com, ldap://ldap1.example.com, ldap://ldap2.example.com

The first entry, ldap://ldap0.example.com, is the primary server. If this server fails, SSSD first attempts to connect to ldap1.example.com and then ldap2.example.com.

If the server parameter is not specified, then SSSD uses service discovery to try to find another server on the network.

The failover servers must be entered as a comma-separated list of values for a single key. If the key is given more than once, SSSD only recognizes the last entry.
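The following check is an added example, not part of the original documentation or of SSSD itself. It reads sssd.conf text and reports, for each [domain/Name] section, the failover order that takes effect, any servers lost because the key was repeated, and whether the key is missing so that service discovery applies. The function name audit_failover, the sample configuration, and the choice of ldap_uri as the default key are assumptions made for illustration.

```python
import re

# Constructed sample configuration (not taken from a real system).
SAMPLE = """\
[sssd]
domains = LDAP1, LDAP2

[domain/LDAP1]
id_provider = ldap
ldap_uri = ldap://ldap0.example.com
ldap_uri = ldap://ldap1.example.com, ldap://ldap2.example.com

[domain/LDAP2]
id_provider = ldap
"""

def audit_failover(text, key="ldap_uri"):
    """Return {section: {"servers": [...], "ignored": [...], "discovery": bool}}."""
    report, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip()
            if section.startswith("domain/"):
                report[section] = {"servers": [], "ignored": [], "discovery": True}
            continue
        if section not in report or "=" not in line:
            continue                             # not inside a domain section
        name, value = (part.strip() for part in line.split("=", 1))
        if name != key:
            continue
        entry = report[section]
        # A repeated key replaces the earlier one: only the last entry is used,
        # so servers from earlier lines silently drop out of the failover list.
        entry["ignored"].extend(entry["servers"])
        entry["servers"] = [s.strip() for s in value.split(",") if s.strip()]
        entry["discovery"] = False               # key present, no service discovery
    return report

if __name__ == "__main__":
    for name, info in audit_failover(SAMPLE).items():
        print(name, "order:", info["servers"] or "(service discovery)")
        if info["ignored"]:
            print("  WARNING: key repeated, ignored servers:", info["ignored"])
```

Run it against the contents of /etc/sssd/sssd.conf after each change; a non-empty "ignored" list means the intended primary or backup servers are not in the list SSSD actually uses.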