Learn more about these different git repos.
Other Git URLs
In the failover, we treat both KDC and LDAP on the IPA server as a single "port", numbered 0. This was done in order to make sure that the SSSD always talks to the same server for both LDAP and Kerberos.
However, this clever hack breaks when the IPA provider needs to establish an GSSAPI encrypted LDAP connection because we're asking the fail over code to yield a server while no server has yet been marked as tried. This triggers a fail over for the KDC, so in effect, the TGT is received from second server.
If the second server is not available for some reason, the whole provider goes offline.
The fail over needs to detect that the server asked for is still being resolved and return the same pointer.
Fields changed
owner: somebody => jhrozek status: new => assigned
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=845253
rhbz: => [https://bugzilla.redhat.com/show_bug.cgi?id=845253 845253]
milestone: NEEDS_TRIAGE => SSSD 1.9.0
master: 10a6760
milestone: SSSD 1.9.0 => SSSD 1.9.0 RC1 resolution: => fixed status: assigned => closed
Metadata Update from @jhrozek: - Issue assigned to jhrozek - Issue set to the milestone: SSSD 1.9.0 beta 7
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/2489
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.