Tl;Dr:
If you have some ldap server behind a firewall or simply not responding, the
current implementation of SRV lookups might make sssd go offline & fail.
O.
From: Andy Airey [mailto:[email protected]]
Sent: 24 November 2015 13:17
To: End-user discussions about the System Security Services Daemon
<[email protected]>
Subject: [SSSD-users]Re: How do I disable SRV lookup?
Out of curiosity, what exactly is wrong with SRV lookups?
I did find some anomalies, like looking for SRV records in the correct
_ldap._tcp.site.domain.com but still using servers
from _ldap._tcp.domain.com ...
Andy
On 19 November 2015 at 17:02, Jakub Hrozek
<[email protected]> wrote:
On Thu, Nov 19, 2015 at 03:27:46PM +0000, Ondrej Valousek wrote:
> Hi list,
>
> How do I completely disable SRV lookups? This functionality is corrupted in
> SSSD so I wanted to disable it completely by defining ad servers explicitly:
>
> ad_server = myserver1, myserver2
> ldap_uri = ldap://myserver1, ldap://myserver2
> subdomains_provider = none
> ldap_use_tokengroups = False
> ad_domain = TEST.COM
If you use a separate ldap_provider and GSSAPI binds, try also
hardcoding krb5_server.
>
> However, in logs I can still see the SRV plugin in action trying to populate
> AD servers automatically.
> Is it possible somehow?
>
> Many thanks,
>
> Ondrej
>
> -----
>
> The information contained in this e-mail and in any attachments is
> confidential and is designated solely for the attention of the intended
> recipient(s). If you are not an intended recipient, you must not use,
> disclose, copy, distribute or retain this e-mail or any part thereof. If you
> have received this e-mail in error, please notify the sender by return e-mail
> and delete all copies of this e-mail from your computer system(s). Please
> direct any additional queries to:
> [email protected]. Thank You.
> Silicon and Software Systems Limited (S3 Group). Registered in Ireland no.
> 378073. Registered Office: South County Business Park, Leopardstown, Dublin
> 18.
> _______________________________________________
> sssd-users mailing list
> [email protected]
> https://lists.fedorahosted.org/admin/lists/[email protected]
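An added example, not part of the original thread or of SSSD itself: a small audit that reports, per domain section of an sssd.conf, which of the three server options named in the thread (`ad_server`, `ldap_uri`, `krb5_server`) are not pinned to explicit hosts. It assumes, following the SSSD man pages, that an unset option or the `_srv_` keyword leaves service discovery in play; the sample configuration and the function name `audit_srv_discovery` are constructed for illustration.

```python
import configparser

# Constructed sample sssd.conf (not from the thread): the first domain pins
# every server, the second leaves discovery possible in two places.
SAMPLE_CONF = """
[sssd]
domains = pinned.test, discover.test

[domain/pinned.test]
id_provider = ad
ad_server = myserver1, myserver2
ldap_uri = ldap://myserver1, ldap://myserver2
krb5_server = myserver1, myserver2

[domain/discover.test]
id_provider = ad
ad_server = myserver1, _srv_
ldap_uri = ldap://myserver1
"""

# Options the thread suggests hardcoding.
SERVER_OPTIONS = ("ad_server", "ldap_uri", "krb5_server")


def audit_srv_discovery(conf_text):
    """Return {domain: {option: reason}} for options not pinned to hosts."""
    parser = configparser.ConfigParser(
        interpolation=None, strict=False, delimiters=("=",))
    parser.read_string(conf_text)
    findings = {}
    for section in parser.sections():
        if not section.startswith("domain/"):
            continue
        issues = {}
        for option in SERVER_OPTIONS:
            value = parser.get(section, option, fallback=None)
            if value is None or not value.strip():
                issues[option] = "unset"  # assumption: discovery is the fallback
            elif "_srv_" in [v.strip() for v in value.split(",")]:
                issues[option] = "lists _srv_"
        if issues:
            findings[section[len("domain/"):]] = issues
    return findings


if __name__ == "__main__":
    for domain, issues in audit_srv_discovery(SAMPLE_CONF).items():
        for option, reason in issues.items():
            print(f"{domain}: {option} {reason}, SRV discovery still possible")
```

A clean result only shows the options are pinned in the file; the sssd logs remain the place to confirm whether the SRV plugin still runs.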