Dimitry,
Right now, no.
And we do not have something like this in plans.
The simplest solution is to put one of the LDAP servers into the cluster.
If you can't do that then you are stuck with what you have now.
OK.
Potentially what you want is to be able to generate an SSSD cache db on one
system and copy it around.
There is no such functionality, and the problem with building one is creating
password hashes in such a database in bulk (requires passwords in clear, which
is a nonstarter). When users log in one by one, passwords can be captured and
hashed for further use. It is hard to do in bulk.
I've thought of that, but although I will be using SSSD, it looks quite tricky
and less robust than simply copying /etc files around.
Jakub,
Would a read-only replica mitigate your security concern?
Not entirely. And it would take time to validate this kind of setup in my
situation.
I think I've got all the elements now to make an educated choice, that's all I
wanted. Thank you everybody for your answers.
Jean-Baptiste