[Freeipa-users] dns location based discovery

Martin Basti mbasti at redhat.com
Mon May 30 16:39:10 UTC 2016 


On 30.05.2016 18:16, Winfried de Heiden wrote:
> Hi all,
> Thanks for the quick answer even though I send it to the wrong email 
> address.
> About "Please note that for AD users (which is IIRC the majority of 
> your environment), SSSD should
> already choose the right site." I noticed that, but I was curious 
> about  the IPA part as well....
>
> Now, it looks like this is going to be an item for IPA 4.4 
> (http://www.freeipa.org/page/V4/DNS_Location_Mechanism/)
> Willl it be?
Yes it will be there (unless something very very bad happen)

>
> IPA 4.4 is announced "the end of May". When can we expect Freeipa 4.4, 
> I curious to test....

Soon :)

Martin
>
> Kind regards,
>
> Winny//
> ///
>
> /
> Op 30-05-16 om 17:54 schreef Jakub Hrozek:
>> On Mon, May 30, 2016 at 05:22:33PM +0200, Sumit Bose wrote:
>>> On Mon, May 30, 2016 at 05:13:35PM +0200, Winfried de Heiden wrote:
>>>> Hi all,
>>>>
>>>> The sssd-ipa man page will tell:
>>>>
>>>>         ipa_enable_dns_sites (boolean)
>>>>             Enables DNS sites - location based service discovery.
>>>>
>>>>             If true and service discovery (see Service Discovery paragraph at
>>>> the bottom of the man page) is enabled, then the SSSD will first attempt
>>>>             location based discovery using a query that contains
>>>> "_location.hostname.example.com" and then fall back to traditional SRV
>>>> discovery. If the
>>>>             location based discovery succeeds, the IPA servers located with the
>>>> location based discovery are treated as primary servers and the IPA servers
>>>>             located using the traditional SRV discovery are used as back up
>>>> servers
>>>>
>>>> After enabling it in a EL 6.8 IPA client (together with some debugging) this
>>>> will show up in the sssd logging:
>>>>
>>>>      (Mon May 30 16:51:08 2016) [sssd[be[blabla.bla]]]
>>>>      [resolv_discover_srv_next_domain] (0x0400): SRV resolution of service
>>>>      'ldap'. Will use DNS discovery domain '_location.ipa-client-6.blabla.bla'
>>>>      (Mon May 30 16:51:08 2016) [sssd[be[blabla.bla]]] [resolv_getsrv_send]
>>>>      (0x0100): Trying to resolve SRV record of
>>>>      '_ldap._tcp._location.ipa-client-6.blabla.bla'
>>>>
>>>> Since this option is mentioned in the sssd-ipa man page, it sugests I could
>>>> implement this location based service discovery.
>>>>
>>>> But how? Any documentation on this? How to implement on the server? How to
>>>> implement a location on the client (while running ipa-client-install)
>>>>
>>>> Hope someone can help, it would be nice a client will choose the correct server
>>>> based on it's location...
>>> In this case SSSD was a bit faster then the server side. Please monitor
>>> https://fedorahosted.org/freeipa/ticket/2008  for the progress. There is
>>> a link to a design page with more details as well.
>>>
>>> HTH
>>>
>>> bye,
>>> Sumit
>>>
>>> P.S. I changed the mailing-list address to @redhat.com.
>> btw Winfried, I saw today the case you filed. Please note that for AD
>> users (which is IIRC the majority of your environment), SSSD should
>> already choose the right site. The RFE Sumit linked is 'just' about the
>> IPA side of the equation.
>
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160530/07394662/attachment.htm>

More information about the Freeipa-users mailing list