HI!
On the LDAP replicas themselves I'd like to use ldapi:// [1] in parameter
ldap_uri to use the local slapd as primary server and point to the other
replicas in ldap_backup_uri.
Example:
ldap_uri = ldapi://%2Fusr%2Flocal%2Fopenldap%2Fvar%2Frun%2Fldapi
ldap_backup_uri = ldaps://slapd2.example.com ldaps://slapd3.example.com
But in this case I can see DNS lookups sent to the DNS recursor like this:
Nov 30 00:07:57 dnsrec pdns_recursor[19180]: 2 [674869217] question for '/usr/local/openldap/var/run/ldapi.example.com.|A' from 10.1.32.104
'/usr/local/openldap/var/run/ldapi' is the path name of the LDAPI Unix domain
socket and example.com is in the search list in /etc/resolv.conf.
Hmm, I currently don't have access to the machine. Therefore I can't even check
whether LDAPI works at all.
=> sssd should avoid DNS lookup completely in case of ldapi:// being used
Any comments before I file a ticket?
Ciao, Michael.
[1] https://tools.ietf.org/html/draft-chu-ldap-ldapi-00
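
Added example, not part of the original post and not SSSD code: a Python sketch that separates ldapi:// URIs (a percent-encoded socket path, nothing to resolve) from ldap:// and ldaps:// URIs, and flags resolver log questions whose name contains a '/', as in the log line quoted above. The function names are hypothetical, and the second log line is constructed.

```python
import re
from urllib.parse import unquote, urlsplit

def classify_ldap_uri(uri):
    """Return ("unix", socket_path) for ldapi://, ("dns", host) for ldap(s)://."""
    parts = urlsplit(uri.strip())
    scheme = parts.scheme.lower()
    if scheme == "ldapi":
        # The authority of an ldapi:// URI is a percent-encoded socket path,
        # not a host name. Empty means the LDAP library's default socket.
        return ("unix", unquote(parts.netloc) or None)
    if scheme in ("ldap", "ldaps") and parts.hostname:
        return ("dns", parts.hostname)
    # This sketch rejects other schemes and URIs without an explicit host.
    raise ValueError(f"unsupported or host-less LDAP URI: {uri!r}")

def hosts_to_resolve(uris):
    """Host names that need a DNS lookup; ldapi:// entries contribute none."""
    return [t for kind, t in map(classify_ldap_uri, uris) if kind == "dns"]

# Matches the "question for '<name>|<type>' from <ip>" form seen in the post.
QUESTION_RE = re.compile(
    r"question for '(?P<name>[^|']+)\|(?P<qtype>\w+)' from (?P<src>\S+)")

def leaked_socket_queries(log_lines):
    """Return (source, name) for questions whose name contains '/'.

    A host name cannot contain '/', so such a name is a file system path
    that was handed to the resolver.
    """
    hits = []
    for line in log_lines:
        m = QUESTION_RE.search(line)
        if m and "/" in m.group("name"):
            hits.append((m.group("src"), m.group("name")))
    return hits

# URIs taken from the post.
URIS = ["ldapi://%2Fusr%2Flocal%2Fopenldap%2Fvar%2Frun%2Fldapi",
        "ldaps://slapd2.example.com", "ldaps://slapd3.example.com"]
# First line is the one from the post (unwrapped); the second is constructed.
LOG = ["Nov 30 00:07:57 dnsrec pdns_recursor[19180]: 2 [674869217] question for "
       "'/usr/local/openldap/var/run/ldapi.example.com.|A' from 10.1.32.104",
       "Nov 30 00:07:58 dnsrec pdns_recursor[19180]: 2 [674869218] question for "
       "'slapd2.example.com.|A' from 10.1.32.104"]

if __name__ == "__main__":
    print(hosts_to_resolve(URIS))
    print(leaked_socket_queries(LOG))
```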