Red Hat Bugzilla – Bug 1291240
[RFE] Support Read-Only Replicas
Last modified: 2018-04-18 00:06:53 EDT
Identity Management users with many sites requiring high availability would need at least 1-2 IdM replicas per site. When the number of sites is higher than 20-50, the number of IdM Master servers become too high and harder to maintain. It would be better to deploy ~20 IdM master servers in the major sites and then deploy Read Only replicas in other sites which won't require write access. Currently, IdM only supports only writable replicas and the high availability is provided by these replicas + offline caching on the client (SSSD) side. However, this does not cover situations when the connection to IdM master server (in other side) is broken and admin needs to log in to a server he/she never logged to.
Upstream ticket: https://fedorahosted.org/freeipa/ticket/5569
This story is a long way.... Read only replica's would be high appreciated! Quit some organizations use a read only Windows Domain Controller in DMZ for obvious reason. Some kind of read-only replica's would fit this situation :)
(In reply to W. de Heiden from comment #16) > This story is a long way.... > Read only replica's would be high appreciated! Quit some organizations use a > read only Windows Domain Controller in DMZ for obvious reason. Some kind of > read-only replica's would fit this situation :) You're completely right. The adoption of this product is limited due to this issue. Another example is premises (write master) -> Cloud (read-only replica).