I have filed this bug report with CentOS as I believe sssd has a bug with 
regard to ldap_uri, as it does not change value after the initial start of sssd. 
In other words, when I change the ldap_uri to another server and restart sssd, it 
maintains the original value. Wonder if anyone else has encountered the same 
problem.


Within sssd.conf on the client side of an LDAP server I have set:
ldap_uri = simple-provider.example.com
ldap_backup_uri = clone-provider.example.com

It works fine, but when I take down the simple-provider.example.com (all are 
virtual boxes), it fails to change over to the backup or secondary, which is 
clone-provider.example.com.

I clean the cache with sss_cache -E, I delete all the files under /var/lib/sss/db, 
and I even change the ldap_uri = clone-provider.example.com and restart sssd, and I 
still have:

[838cb2] <group/member="root"> ldap_start_tls_s() failed 
(uri=ldaps://simple-provider.example.com): Can't contact LDAP server: Transport 
endpoint

It is still looking at the old server simple-provider and not clone-provider. 
It seems once set, it can not be reconfigured.

Steps To Reproduce:
On a virtual box, inside /etc/sssd/sssd.conf

ldap_uri = simple-provider.example.com
ldap_backup_uri = clone-provider.example.com

initially, and start sssd, then either switch them or simply put ldap_uri = 
clone-provider.example.com and restart sssd; the uri = .... does not change.

Additional Information:
authconfig --ldapserver=simple-provider.example,clone-provider.example.com 
has the same issue, but if you switch the two servers it will accept the first 
one. sssd does not seem to do so.

This is the link for authconfig bug report on redhat:
https://bugzilla.redhat.com/show_bug.cgi?id=1142830 