Learn more about these different git repos.
Other Git URLs
Currently the DNS domain name of the local AD domain is used to find global catalog servers with the help of DNS SRV lookups. But to reliable find the global catalog servers not the DNS name of the local domain but the DNS name of the forest has to be used.
If the local domain is the forest root, all is working as expected. But if the local domain is some other domain in a forest this DNS SRV lookup will currently return no results.
A patch is attached to this ticket which uses the forest name, which is returned by the CLDAP ping together with the site name, for global catalog lookups.
But this patch is not complete because I still see issues if the return global catalog server is from a different DNS domain. Additionally it might be useful to reorder the returned server so that servers from the local DNS domain are queried first, because it can be assumed that they are 'nearer' than other servers.
attachment 0001-Use-forest-for-GC-SRV-lookups.patch
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=974150
rhbz: => [https://bugzilla.redhat.com/show_bug.cgi?id=974150 974150]
Fields changed
milestone: NEEDS_TRIAGE => SSSD 1.10.1
patch: 0 => 1
milestone: SSSD 1.10.1 => SSSD 1.10.0
resolution: => fixed status: new => closed
Metadata Update from @sbose: - Issue set to the milestone: SSSD 1.10.0
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/3015
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.