URL: https://github.com/SSSD/sssd/pull/5743 Title: #5743: ad: fallback to ldap if cldap is not available in libldap
justin-stephenson commented: """ Hi, I compiled openldap-2.5.6 without CLDAP support on fedora rawhide.
* Before the PR:
~~~ (2021-08-17 14:25:02): [be[ad.vm]] [ad_cldap_ping_send] (0x0400): Sending CLDAP ping (2021-08-17 14:25:02): [be[ad.vm]] [ad_cldap_ping_domain_discovery_done] (0x0400): Found 1 domain controllers in domain ad.vm (2021-08-17 14:25:02): [be[ad.vm]] [sdap_connect_host_resolv_done] (0x0400): Connecting to cldap://root-dc.ad.vm:389 (2021-08-17 14:25:02): [be[ad.vm]] [sss_ldap_init_sys_connect_done] (0x0020): ldap_init_fd failed: Bad parameter to an ldap routine. [22][cldap://root-dc.ad.vm:389] (2021-08-17 14:25:02): [be[ad.vm]] [ad_cldap_ping_done] (0x0040): Unable to get site and forest information [2]: No such file or directory ~~~
* After the PR: ~~~ [root@master.client.vm ~]# egrep -irn 'sdap_connect_host_send|cldap' /var/log/sssd/sssd_ad.vm.log 457:(2021-08-17 15:02:17): [be[ad.vm]] [ad_cldap_ping_send] (0x0400): Sending CLDAP ping 477:(2021-08-17 15:02:17): [be[ad.vm]] [ad_cldap_ping_domain_discovery_done] (0x0400): Found 1 domain controllers in domain ad.vm 478:(2021-08-17 15:02:17): [be[ad.vm]] [sdap_connect_host_send] (0x0400): Resolving host root-dc.ad.vm 506:(2021-08-17 15:02:17): [be[ad.vm]] [ad_cldap_ping_dc_done] (0x0400): root-dc.ad.vm:389: found site (Default-First-Site-Name) and forest (ad.vm) 507:(2021-08-17 15:02:17): [be[ad.vm]] [ad_cldap_ping_done] (0x0400): Found site: Default-First-Site-Name 508:(2021-08-17 15:02:17): [be[ad.vm]] [ad_cldap_ping_done] (0x0400): Found forest: ad.vm 1330:(2021-08-17 15:02:31): [be[ad.vm]] [ad_cldap_ping_send] (0x0400): [RID#6] CLDAP ping is not necessary, using site 'Default-First-Site-Name' and forest 'ad.vm' ~~~
The only issue I see is that the 'CLDAP' ping log messages are misleading (ldap ping instead). The function names also, but changing those is not worth it IMO (too invasive for this).
I'm not sure if it should block the PR but It would also be helpful if one of the users reporting this issue could test out the patch. """
See the full comment at https://github.com/SSSD/sssd/pull/5743#issuecomment-900381991