[Freeipa-users] dns location based discovery

Jakub Hrozek jhrozek at redhat.com
Mon May 30 15:54:15 UTC 2016


On Mon, May 30, 2016 at 05:22:33PM +0200, Sumit Bose wrote:
> On Mon, May 30, 2016 at 05:13:35PM +0200, Winfried de Heiden wrote:
> > Hi all,
> > 
> > The sssd-ipa man page will tell:
> > 
> >        ipa_enable_dns_sites (boolean)
> >            Enables DNS sites - location based service discovery.
> > 
> >            If true and service discovery (see Service Discovery paragraph at
> >            the bottom of the man page) is enabled, then the SSSD will first
> >            attempt location based discovery using a query that contains
> >            "_location.hostname.example.com" and then fall back to traditional
> >            SRV discovery. If the location based discovery succeeds, the IPA
> >            servers located with the location based discovery are treated as
> >            primary servers and the IPA servers located using the traditional
> >            SRV discovery are used as back up servers
> > 
> > After enabling it in an EL 6.8 IPA client (together with some debugging) this
> > will show up in the sssd logging:
> > 
> >     (Mon May 30 16:51:08 2016) [sssd[be[blabla.bla]]]
> >     [resolv_discover_srv_next_domain] (0x0400): SRV resolution of service
> >     'ldap'. Will use DNS discovery domain '_location.ipa-client-6.blabla.bla'
> >     (Mon May 30 16:51:08 2016) [sssd[be[blabla.bla]]] [resolv_getsrv_send]
> >     (0x0100): Trying to resolve SRV record of
> >     '_ldap._tcp._location.ipa-client-6.blabla.bla'
> > 
> > Since this option is mentioned in the sssd-ipa man page, it suggests I could
> > implement this location based service discovery.
> > 
> > But how? Any documentation on this? How to implement on the server? How to
> > implement a location on the client (while running ipa-client-install)?
> > 
> > Hope someone can help, it would be nice a client will choose the correct server
> > based on its location...
> 
> In this case SSSD was a bit faster than the server side. Please monitor
> https://fedorahosted.org/freeipa/ticket/2008 for the progress. There is
> a link to a design page with more details as well.
> 
> HTH
> 
> bye,
> Sumit
> 
> P.S. I changed the mailing-list address to @redhat.com.

btw Winfried, I saw today the case you filed. Please note that for AD
users (which is IIRC the majority of your environment), SSSD should
already choose the right site. The RFE Sumit linked is 'just' about the
IPA side of the equation.
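
Added example, not part of the original thread and not SSSD code: a Python model of the lookup order described in the quoted sssd-ipa man page text, using the query name seen in the quoted log. The resolver is injected; the zone data and server names are constructed, and the traditional query name `_ldap._tcp.<domain>` and the priority-only ordering are assumptions.

```python
from typing import Callable, Dict, List, Tuple

# One SRV record: (priority, weight, port, target)
Srv = Tuple[int, int, int, str]
Resolver = Callable[[str], List[Srv]]


def srv_names(hostname: str, domain: str, service: str = "ldap",
              proto: str = "tcp") -> Tuple[str, str]:
    """Return (location-based query, traditional query) for one client."""
    prefix = f"_{service}._{proto}"
    return f"{prefix}._location.{hostname}", f"{prefix}.{domain}"


def ordered_targets(records: List[Srv]) -> List[str]:
    """Order targets by SRV priority only (assumption: weights ignored)."""
    return [r[3].rstrip(".").lower() for r in sorted(records, key=lambda r: r[0])]


def discover(hostname: str, domain: str, resolve: Resolver,
             service: str = "ldap", proto: str = "tcp") -> Dict[str, List[str]]:
    """Location-based lookup first, then traditional SRV discovery.

    If the location lookup succeeds, its servers are primary and the
    traditional results are backups. If it returns nothing (modelled here
    as an empty list), the traditional results are the primary servers.
    """
    location_q, plain_q = srv_names(hostname, domain, service, proto)
    located = ordered_targets(resolve(location_q))
    plain = ordered_targets(resolve(plain_q))
    if not located:
        return {"primary": plain, "backup": []}
    return {"primary": located,
            "backup": [s for s in plain if s not in located]}


# Constructed zone data; the server names are made up for this example.
ZONE: Dict[str, List[Srv]] = {
    "_ldap._tcp._location.ipa-client-6.blabla.bla":
        [(0, 100, 389, "ipa-near.blabla.bla.")],
    "_ldap._tcp.blabla.bla":
        [(0, 100, 389, "ipa-near.blabla.bla."),
         (0, 100, 389, "ipa-far.blabla.bla.")],
}


def fake_resolve(name: str) -> List[Srv]:
    """Stand-in resolver: unknown names return no records."""
    return ZONE.get(name, [])
```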
