Hello Mikael,

I don't know if sssd.conf support this syntax, nor authconfig, but
that would not work for me anyway.

authconfig generates other configurations than sssd.conf such as
pam_ldap.conf for example (which does not support dns discovery).

That's why I need to launch authconfig with explicit ldap servers
(and I don't want them to be declared in ldap_uri).

---
Olivier





2013/10/11 Michael Ströder <michael@stroeder.com>
On Fri, 11 Oct 2013 14:07:31 +0200 Olivier <ldap@guillard.nom.fr> wrote
> I have reported it as an authconfig bug, I think it might also be something
> to be considered at sssd level : should'nt sssd use "dns_discovery_domain"
> to look for ldap server rather than "ldap_uri" if borth parameters are
> declared
> in sssd.conf ?

Well, why not just use LDAP URI without hostport portion for initiating a
DNS-based server lookup:

ldapuri ldap:///dc=example,dc=com

Could even suppport LDAPS

ldapuri ldaps:///dc=example,dc=com

Ciao, Michael.