Dear Alexander,

We're wondering that too, there's obviously a disparity between the domain that either end is issuing the LDAP ticket for, and the SRV records for the `virt.in.bmrc.ox.ac.uk` domain all point to the LDAP endpoint. Do I need specific SRV records for ldaps and not ldap? I earlier attached a screenshot of our domain setup for the VIRT subdomain.

I fear the opposite may be the case and the client is requesting the correct one but the ldap server is defaulting to the root domain not the subdomain.

Regards,
Callum

--
Callum Smith
Research Computing Core
Wellcome Trust Centre for Human Genetics
University of Oxford
e. cal...@well.ox.ac.uk

On 11 Mar 2019, at 16:19, Alexander Bokovoy <aboko...@redhat.com> wrote:

> On Mon, 11 Mar 2019, Callum Smith wrote:
>> Locally on the IPA server I note that doing an ldapsearch using GSSAPI works, if I use the ldap host:
>> ldaps://ipa-b.in.bmrc.ox.ac.uk/
>> but not:
>> ldaps://ipa-b.virt.in.bmrc.ox.ac.uk/
>>
>> Since the client can only access the network that is ipa-b.virt.in.bmrc.ox.ac.uk it needs to be able to communicate to LDAP via that hostname. Is this actually possible, since the TGT is _always_ going to be on ipa-b.$domain because of the nsslapd-localhost entry?
>
> Question I have is why the client actually chooses ldap/ipa-b.$domain itself? This is probably the easiest place to change since it is driven by the DNS discovery so you can influence by whatever is put in the DNS SRV records.
>
> --
> / Alexander Bokovoy
> Sr. Principal Software Engineer
> Security / Identity Management Engineering
> Red Hat Limited, Finland
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org