Learn more about these different git repos.
Other Git URLs
(This was originally reported as https://fedorahosted.org/freeipa/ticket/4816.)
I have consulted this with Jakub Hrozek and he claims that SSSD always generates 'zone' directive which is always set to FreeIPA domain name. Basically this is the same problem as https://fedorahosted.org/freeipa/ticket/4780 in ipa-client-install.
In fact, the zone directive should not be generated at all because nsupdate has auto-detection logic for zone value.
zone
nsupdate
This code works sometimes but it breaks when client domain is not the same as FreeIPA domain.
An easy fix would be to only use zone in the second hail-Mary iteration as we already do with 'server'.
Replying to [comment:1 jhrozek]:
An easy fix would be to only use zone in the second hail-Mary iteration as we already do with 'server'. That would make secon iteration non-functional in the same cases where it fails now. I would recommend to remove the option completely.
Replying to [comment:2 pspacek]:
Replying to [comment:1 jhrozek]: An easy fix would be to only use zone in the second hail-Mary iteration as we already do with 'server'. That would make secon iteration non-functional in the same cases where it fails now. I would recommend to remove the option completely.
Fine as long as this change is done in a major release. I would hate to break some strange deployment where the zone is actually needed.
What do you this about setting "server", do you think we should remove that, too?
Replying to [comment:3 jhrozek]:
Replying to [comment:2 pspacek]: Replying to [comment:1 jhrozek]: What do you this about setting "server", do you think we should remove that, too? IMHO current usage of server (i.e. try to do update without it and try again with explicit server = IPA server if the first attempt failed) is reasonable. It could effectivelly workaround some seriously flawed DNS configurations :-)
Replying to [comment:1 jhrozek]: What do you this about setting "server", do you think we should remove that, too? IMHO current usage of server (i.e. try to do update without it and try again with explicit server = IPA server if the first attempt failed) is reasonable. It could effectivelly workaround some seriously flawed DNS configurations :-)
server
Fields changed
milestone: NEEDS_TRIAGE => SSSD 1.13 alpha
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1206566
rhbz: => [https://bugzilla.redhat.com/show_bug.cgi?id=1206566 1206566]
owner: somebody => preichl
patch: 0 => 1
resolution: => fixed status: new => closed
Metadata Update from @pspacek: - Issue assigned to preichl - Issue set to the milestone: SSSD 1.13 alpha
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/3582
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.