Tl;Dr:

If you have some ldap server behind a firewall or simply not responding, the current implementation of SRV lookups might make sssd go offline & fail.

O.

 

From: Andy Airey [mailto:airey.andy@gmail.com]
Sent: 24 November 2015 13:17
To: End-user discussions about the System Security Services Daemon <sssd-users@lists.fedorahosted.org>
Subject: [SSSD-users]Re: How do I disable SRV lookup?

 

Out of curiosity, what exactly is wrong with SRV lookups?

I did find some anomalies, like looking for SRV records in the correct _ldap._tcp.site.domain.com but still using servers from _ldap._tcp.domain.com ...

Andy

 

On 19 November 2015 at 17:02, Jakub Hrozek <jhrozek@redhat.com> wrote:

On Thu, Nov 19, 2015 at 03:27:46PM +0000, Ondrej Valousek wrote:
> Hi list,
>
> How do I completely disable SRV lookups? This functionality is corrupted in SSSD so I wanted to disable it completely by defining ad servers explicitly:
>
>     ad_server = myserver1, myserver2
>     ldap_uri = ldap://myserver1, ldap://myserver2
>     subdomains_provider = none
>     ldap_use_tokengroups = False
>     ad_domain = TEST.COM

If you use a separate ldap_provider and GSSAPI binds, try also
hardcoding krb5_server.

>
> However, in logs I can still see the SRV plugin in action trying to populate AD servers automatically.
> Is it possible somehow?
>
> Many thanks,
>
> Ondrej
>
> -----
>
> The information contained in this e-mail and in any attachments is confidential and is designated solely for the attention of the intended recipient(s). If you are not an intended recipient, you must not use, disclose, copy, distribute or retain this e-mail or any part thereof. If you have received this e-mail in error, please notify the sender by return e-mail and delete all copies of this e-mail from your computer system(s). Please direct any additional queries to: communications@s3group.com. Thank You. Silicon and Software Systems Limited (S3 Group). Registered in Ireland no. 378073. Registered Office: South County Business Park, Leopardstown, Dublin 18.

> _______________________________________________
> sssd-users mailing list
> sssd-users@lists.fedorahosted.org
> https://lists.fedorahosted.org/admin/lists/sssd-users@lists.fedorahosted.org

 
