On Mon, Apr 11, 2016 at 02:58:06PM +0200, Lukas Slebodnik wrote:
On (11/04/16 13:39), Jakub Hrozek wrote:
>On Mon, Apr 11, 2016 at 01:12:51PM +0200, Lukas Slebodnik wrote:
>> ehlo,
>>
>> following patch help me to find out issues with GPO.
>> I think it might be useful also in other cases.
>>
>> But ideal would be if fail-over code would print port as well.
>> ATM "0" is logged as a port with AD.
>
>That's because 'port' has a special meaning in the failover code.
>It's not the networking port, but just an abstract object that binds together
>services. And we chose server 0 in the past for AD and IPA because we
>wanted to make sure that identity lookups and authentication are always
>performed against the same server to make sure we don't hit replication
>issues. Otherwise we might be talking to one DC for LDAP lookups and
>another for KDC..
Thank you for explanation.
It was very confusing to me that "server" has port but "service"
does not have a port. I would expect other way.
And I would say ti might be confusing for users when they try to troubleshoot
something. We might use different name then "port"
Yes, feel free to file a ticket to rename the internal terminology. I
already saw some users confused about using port 0, too.