<html> <head> <meta content="text/html; charset=windows-1252" http-equiv="Content-Type"> </head> <body bgcolor="#FFFFFF" text="#000000"> <div class="moz-cite-prefix">On 30.05.2016 18:16, Winfried de Heiden wrote: </div> <blockquote cite="mid:330ebb09-ce59-77a0-65f6-6a1a917ff663@dds.nl" type="cite"> <meta content="text/html; charset=windows-1252" http-equiv="Content-Type"> Hi all, Thanks for the quick answer even though I send it to the wrong email address. About "Please note that for AD users (which is IIRC the majority of your environment), SSSD should already choose the right site." I noticed that, but I was curious about the IPA part as well.... Now, it looks like this is going to be an item for IPA 4.4 (<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://www.freeipa.org/page/V4/DNS_Location_Mechanism/"><a class="moz-txt-link-freetext" href="http://www.freeipa.org/page/V4/DNS_Location_Mechanism/">http://www.freeipa.org/page/V4/DNS_Location_Mechanism/</a></a>) Willl it be? </blockquote> Yes it will be there (unless something very very bad happen) <blockquote cite="mid:330ebb09-ce59-77a0-65f6-6a1a917ff663@dds.nl" type="cite"> IPA 4.4 is announced "the end of May". When can we expect Freeipa 4.4, I curious to test.... </blockquote> Soon :) Martin <blockquote cite="mid:330ebb09-ce59-77a0-65f6-6a1a917ff663@dds.nl" type="cite"> Kind regards, Winny <div class="moz-cite-prefix">Op 30-05-16 om 17:54 schreef Jakub Hrozek: </div> <blockquote cite="mid:20160530155415.GC18297@hendrix" type="cite"> <pre wrap="">On Mon, May 30, 2016 at 05:22:33PM +0200, Sumit Bose wrote: </pre> <blockquote type="cite"> <pre wrap="">On Mon, May 30, 2016 at 05:13:35PM +0200, Winfried de Heiden wrote: </pre> <blockquote type="cite"> <pre wrap="">Hi all, The sssd-ipa man page will tell: ipa_enable_dns_sites (boolean) Enables DNS sites - location based service discovery. If true and service discovery (see Service Discovery paragraph at the bottom of the man page) is enabled, then the SSSD will first attempt location based discovery using a query that contains "_location.hostname.example.com" and then fall back to traditional SRV discovery. If the location based discovery succeeds, the IPA servers located with the location based discovery are treated as primary servers and the IPA servers located using the traditional SRV discovery are used as back up servers After enabling it in a EL 6.8 IPA client (together with some debugging) this will show up in the sssd logging: (Mon May 30 16:51:08 2016) [sssd[be[blabla.bla]]] [resolv_discover_srv_next_domain] (0x0400): SRV resolution of service 'ldap'. Will use DNS discovery domain '_location.ipa-client-6.blabla.bla' (Mon May 30 16:51:08 2016) [sssd[be[blabla.bla]]] [resolv_getsrv_send] (0x0100): Trying to resolve SRV record of '_ldap._tcp._location.ipa-client-6.blabla.bla' Since this option is mentioned in the sssd-ipa man page, it sugests I could implement this location based service discovery. But how? Any documentation on this? How to implement on the server? How to implement a location on the client (while running ipa-client-install) Hope someone can help, it would be nice a client will choose the correct server based on it's location... </pre> </blockquote> <pre wrap="">In this case SSSD was a bit faster then the server side. Please monitor <a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://fedorahosted.org/freeipa/ticket/2008">https://fedorahosted.org/freeipa/ticket/2008</a> for the progress. There is a link to a design page with more details as well. HTH bye, Sumit P.S. I changed the mailing-list address to @redhat.com. </pre> </blockquote> <pre wrap="">btw Winfried, I saw today the case you filed. Please note that for AD users (which is IIRC the majority of your environment), SSSD should already choose the right site. The RFE Sumit linked is 'just' about the IPA side of the equation. </pre> </blockquote> <fieldset class="mimeAttachmentHeader"></fieldset> </blockquote> </body> </html>