On Tue, Aug 27, 2013 at 12:01:45PM +0200, Pavel Březina wrote:
On 08/18/2013 09:45 PM, Jakub Hrozek wrote:
https://fedorahosted.org/sssd/ticket/1964
Currently the AD sites are enabled unconditionally
Hi, at the moment, there cannot be set two srv plugins on one fail over context:
[ad_failover_init] (0x0100): No primary servers defined, using service discovery [fo_add_srv_server] (0x0400): Adding new SRV server to service 'gc_ad.pb' using 'tcp'. [fo_add_srv_server] (0x0400): Adding new SRV server to service 'ad.pb' using 'tcp'. [_ad_servers_init] (0x0100): Added service discovery for AD [be_fo_set_srv_lookup_plugin] (0x0400): Trying to set SRV lookup plugin to AD [sssd[be[ipa.pb]]] [fo_set_srv_lookup_plugin] (0x0080): SRV lookup plugin is already set [sssd[be[ipa.pb]]] [be_fo_set_srv_lookup_plugin] (0x0080): Unable to set SRV lookup plugin, another plugin may be already in place
So unfortunately, the change won't be that trivial :-(
Ugh, sorry, I thought I tested the patch..apparently I was wrong.
Maybe we can abuse the fact that IPA installer only ever puts the local replica hostname to the ipa_server parameter and not use any resolve plugin in the server mode?
See attached patch. I'm wondering whether to extend it with a warning for cases where some admin overriden the ipa_server directive.
Or even better, read the ipa_server list, if there is no _srv_ keyword, proceed as the attached patch, if there is a _srv_ keyword, then don't enable the AD sites? (This I think would be mostly sanity checking, I don't think anyone would run such a setup)