<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<font face="Carlito">Hi all,</font><br>
<font face="Carlito"><br>
I've been playing on this topic but one can implement services
discovery. Allthough it looks a bit dirty, you add _sites support
to IPA by manually create a DNS zone, something like:</font><br>
<font face="Carlito"><br>
_tcp.locationX._sites.example.com</font><br>
<font face="Carlito">and</font><br>
<font face="Carlito">_tcp.locationY._sites.example.com</font><br>
<br>
<font face="Carlito">and put two SRV records, _ldap en _kerberos, in
it.</font><br>
<font face="Carlito"><br>
Now, add "dns_discovery_domain = </font><font face="Carlito">locationX._sites.example.com"
or </font><font face="Carlito">"dns_discovery_domain = </font><font
face="Carlito">locationY._sites.example.com"</font><br>
<font face="Carlito"><br>
</font>dns location based discovery is there...?<br>
<br>
Just curious....!<br>
<br>
Winny<br>
<font face="Carlito"><br>
</font>
<div class="moz-cite-prefix">Op 30-05-16 om 18:39 schreef Martin
Basti:<br>
</div>
<blockquote
cite="mid:745f6efb-e27a-ec4b-b7dd-b48a7b23b2ba@redhat.com"
type="cite">
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
<br>
<br>
<br>
<br>
<div class="moz-cite-prefix">On 30.05.2016 18:16, Winfried de
Heiden wrote:<br>
</div>
<blockquote cite="mid:330ebb09-ce59-77a0-65f6-6a1a917ff663@dds.nl"
type="cite">
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
<font face="Carlito">Hi all,</font><br>
<font face="Carlito">Thanks for the quick answer even though I
send it to the wrong email address.</font><br>
<font face="Carlito">About "Please note that for AD users (which
is IIRC the majority of your environment), SSSD should<br>
already choose the right site." I noticed that, but I was
curious about the IPA part as well....<br>
</font><br>
<font face="Carlito">Now, it looks like this is going to be an
item for IPA 4.4 (</font><font face="Carlito"><a
moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://www.freeipa.org/page/V4/DNS_Location_Mechanism/"><a class="moz-txt-link-freetext" href="http://www.freeipa.org/page/V4/DNS_Location_Mechanism/">http://www.freeipa.org/page/V4/DNS_Location_Mechanism/</a></a>)
</font><br>
<font face="Carlito">Willl it be?</font><br>
</blockquote>
<font face="Carlito">Yes it will be there (unless something very
very bad happen)<br>
<br>
</font>
<blockquote cite="mid:330ebb09-ce59-77a0-65f6-6a1a917ff663@dds.nl"
type="cite"> <font face="Carlito"><br>
IPA 4.4 is announced "the end of May". When can we expect
Freeipa 4.4, I curious to test....</font><br>
</blockquote>
<br>
<font face="Carlito">Soon :)<br>
<br>
Martin<br>
</font>
<blockquote cite="mid:330ebb09-ce59-77a0-65f6-6a1a917ff663@dds.nl"
type="cite"> <br>
<font face="Carlito">Kind regards,</font><br>
<br>
<font face="Carlito">Winny</font><em> </em><br>
<em></em><em><br>
<br>
</em>
<div class="moz-cite-prefix">Op 30-05-16 om 17:54 schreef Jakub
Hrozek:<br>
</div>
<blockquote cite="mid:20160530155415.GC18297@hendrix"
type="cite"> <br>
On Mon, May 30, 2016 at 05:22:33PM +0200, Sumit Bose wrote:
<br>
<blockquote type="cite"> <br>
On Mon, May 30, 2016 at 05:13:35PM +0200, Winfried de Heiden
wrote:
<br>
<blockquote type="cite"> <br>
Hi all,
The sssd-ipa man page will tell:
ipa_enable_dns_sites (boolean)
Enables DNS sites - location based service
discovery.
If true and service discovery (see Service
Discovery paragraph at
the bottom of the man page) is enabled, then the SSSD will
first attempt
location based discovery using a query that
contains
"_location.hostname.example.com" and then fall back to
traditional SRV
discovery. If the
location based discovery succeeds, the IPA
servers located with the
location based discovery are treated as primary servers
and the IPA servers
located using the traditional SRV discovery are
used as back up
servers
After enabling it in a EL 6.8 IPA client (together with
some debugging) this
will show up in the sssd logging: (Mon May 30 16:51:08
2016) [sssd[be[blabla.bla]]]
[resolv_discover_srv_next_domain] (0x0400): SRV resolution
of service 'ldap'. Will use DNS discovery domain
'_location.ipa-client-6.blabla.bla' (Mon May 30 16:51:08
2016) [sssd[be[blabla.bla]]] [resolv_getsrv_send]
(0x0100): Trying to resolve SRV record of
'_ldap._tcp._location.ipa-client-6.blabla.bla'
Since this option is mentioned in the sssd-ipa man page,
it sugests I could
implement this location based service discovery.
But how? Any documentation on this? How to implement on
the server? How to
implement a location on the client (while running
ipa-client-install)
Hope someone can help, it would be nice a client will
choose the correct server
based on it's location...
<br>
</blockquote>
<br>
In this case SSSD was a bit faster then the server side.
Please monitor
<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="https://fedorahosted.org/freeipa/ticket/2008">https://fedorahosted.org/freeipa/ticket/2008</a>
for the progress. There is
a link to a design page with more details as well.
HTH
bye,
Sumit
P.S. I changed the mailing-list address to @redhat.com.
<br>
</blockquote>
<br>
btw Winfried, I saw today the case you filed. Please note that
for AD
users (which is IIRC the majority of your environment), SSSD
should
already choose the right site. The RFE Sumit linked is 'just'
about the
IPA side of the equation.
<br>
</blockquote>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
<br>
</blockquote>
<br>
</body>
</html>