Tl;Dr:
If you have some ldap server behind a firewall or simply not responding, the current
implementation of SRV lookups might make sssd to go offline & fail.
O.
From: Andy Airey [mailto:airey.andy@gmail.com]
Sent: 24 November 2015 13:17
To: End-user discussions about the System Security Services Daemon
<sssd-users(a)lists.fedorahosted.org>
Subject: [SSSD-users]Re: How do I disable SRV lookup?
Out of curiosity, what exactly is wrong with SRV lookups?
I did find some anomalies, like looking for SRV records in the correct
_ldap._tcp.site.domain.com<http://tcp.site.domain.com> but still using servers from
_ldap._tcp.domain.com<http://tcp.domain.com> ...
Andy
On 19 November 2015 at 17:02, Jakub Hrozek
<jhrozek@redhat.com<mailto:jhrozek@redhat.com>> wrote:
On Thu, Nov 19, 2015 at 03:27:46PM +0000, Ondrej Valousek wrote:
Hi list,
How do I completely disable SRV lookups? This functionality is corrupted in SSSD so I
wanted to disable it completely by defining ad servers explicitely:
ad_server = myserver1, myserver2
ldap_uri = ldap://myserver1, ldap://myserver2
subdomains_provider = none
ldap_use_tokengroups = False
ad_domain = TEST.COM<http://TEST.COM>
If you use a separate ldap_provider and GSSAPI binds, try also
hardcoding krb5_server.
However, in logs I can still see the SRV plugin in action trying to populate AD servers
automatically.
Is it possible somehow?
Many thanks,
Ondrej
-----
The information contained in this e-mail and in any attachments is confidential and is
designated solely for the attention of the intended recipient(s). If you are not an
intended recipient, you must not use, disclose, copy, distribute or retain this e-mail or
any part thereof. If you have received this e-mail in error, please notify the sender by
return e-mail and delete all copies of this e-mail from your computer system(s). Please
direct any additional queries to:
communications@s3group.com<mailto:communications@s3group.com>. Thank You. Silicon
and Software Systems Limited (S3 Group). Registered in Ireland no. 378073. Registered
Office: South County Business Park, Leopardstown, Dublin 18.
_______________________________________________
sssd-users mailing list
sssd-users@lists.fedorahosted.org<mailto:sssd-users@lists.fedorahosted.org>
https://lists.fedorahosted.org/admin/lists/sssd-users@lists.fedorahosted.org
_______________________________________________
sssd-users mailing list
sssd-users@lists.fedorahosted.org<mailto:sssd-users@lists.fedorahosted.org>
https://lists.fedorahosted.org/admin/lists/sssd-users@lists.fedorahosted.org
-----
The information contained in this e-mail and in any attachments is confidential and is
designated solely for the attention of the intended recipient(s). If you are not an
intended recipient, you must not use, disclose, copy, distribute or retain this e-mail or
any part thereof. If you have received this e-mail in error, please notify the sender by
return e-mail and delete all copies of this e-mail from your computer system(s). Please
direct any additional queries to: communications(a)s3group.com. Thank You. Silicon and
Software Systems Limited (S3 Group). Registered in Ireland no. 378073. Registered Office:
South County Business Park, Leopardstown, Dublin 18.