30.6. Configuring Domain Failover

download PDF
SSSD attempts to connect to machines and to services separately.
When SSSD tries to connect to one of its domain backends, it first tries to resolve the hostname of a given machine. If this resolution attempt fails, the machine is considered offline, and SSSD no longer attempts to connect to this machine for any other service.
If the resolution attempt succeeds, the backend tries to connect to a service on this machine. If the service connection attempt fails, then only this particular service is considered offline and the backend automatically switches over to the next service. The machine is still considered online and might still be tried for another service.
SSSD only tries the first IP address given in the DNS A record. To find multiple servers with a single request, SSSD relies on SRV records.
Connections are retried to offline machines or services every 30 seconds, until SSSD can successfully connect to the backend.

30.6.1. Configuring Failover

Configuring failover allows SSSD to switch automatically to a different server if the primary server fails. These servers are entered as a case-insensitive, comma-separated list in the [domain/Name] sections of the /etc/sssd/sssd.conf file. The servers are listed in order of preference. This list can contain any number of servers.
For example, for a native LDAP domain:
ldap_uri = ldap://, ldap://, ldap://
The first entry, ldap://, is the primary server. If this server fails, SSSD first attempts to connect to and then
If the server parameter is not specified, then SSSD uses service discovery to try to find another server on the network.


The failover servers must be entered as a comma-separated list of values for a single key. If there are multiple keys, SSSD only recognizes the last entry.
Red Hat logoGithubRedditYoutubeTwitter


Try, buy, & sell


About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.