Document URL: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/install-replica.html
Section Number and Name: Chapter 3. Setting up IdM Replicas
Describe the issue: There should be a note added that if you have a trust already set up to reference "Creating Cross-forest Trusts with Active Directory and Identity Management"
Suggestions for improvement: NOTE: If you have a trust set up with Active Directory please reference "Trust Controllers and Trust Agents" for options on setting up Trust Agents. https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Windows_Integration_Guide/creating-trusts.html
Additional information:
Thank you for the report, I'll investigate this. It seems the best place for the note is the section about deployment considerations or the prerequisites section.
Aneta,
The problem I've run into, and the support case behind this bug report, stems from the following use case: User is setting up a replica IdM server. The main IdM server has a trust established with an AD server. If the replica is not added as a "trust agent", then attempting to auth AD users against the replica will fail. This gets even worse when the DNS records are set to round-robin between the master and replica IdM servers. Then 50% of the time the AD auth fails unexpectedly.
It would be great if the documentation for creating a replica would contain commands for establishing a trust OR contain some language that directs over to the trust documentation and what needs to be done for replicas of trusted servers.
Poorly worded example: "If the IdM server you are replicating has a trust established, then go :here: and ensure that the trust agent is configured and X, Y and Z are performed on the replica so that authentication of trusted users succeeds on the replica."
-Nick
Thank you for the additional details, Nick, this helps a lot. We'll look into it.
I updated the guide and sent it for internal review.
I added the following new content:
* an IMPORTANT admonition to "4.5. Creating the Replica: Introduction" (the section is available in the 7.3 Beta guide[1])
* a new troubleshooting topic: "A.2.1. Authenticating AD Users Against a New Replica Fails"
[1] https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7-Beta/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/creating-the-replica.html
To clarify comment#6: the update from this BZ is not yet available in the Beta docs.
The update has been verified. The changes will make it to the Customer Portal with the next planned update.
The updated content is now available on the Customer Portal.