Ok, I have omitted the _srv_. I know the configuration is not
logical, but SSSD should bind to adsever.example.com. But it does
not - it tries to do _srv_ lookup anyway. It is a small bug, but it
should be fixed I think.
Can you paste how exactly the ldap_uri line looks? I presume you would
like to try the service discovery first and if that fails, fall back to
a hardcoded hostname. In that case, ldap_uri should say:
ldap_uri = _srv_, adserver.example.com
I can not agree with that statement for 2 reasons:
2. SSSD is unable to detect default Kerberos realm as per /etc/krb5.conf - I have to configure it manually
3. Why do we actually need to specify Kerberos realm and KDC? Isn't /etc/krb5.conf supposed to record these kind of parameters?
I think this has both historical (we used to say you don't need
/etc/krb5.conf at all with SSSD) and practical reasons - there can be more
SSSD domains with different realms and KDCs at the same time.
1. Man page says:
Specify the Kerberos REALM (for SASL/GSSAPI auth).
Default: System defaults, see /etc/krb5.conf
2. We do need /etc/krb5.conf as the whole rest of the OS
(automounter, openldap library, Kerberos tools) depend on it.
So I believe it should work the following way:
If no realm specified, take it from /etc/krb5.conf
If no default realm in /etc/krb5.conf defined, derive it from dns_discovery_domain
If no dns_discovery_domain parameter specified, derive it from our
default domain (i.e. the way it works now).
How does it sound?
The information contained in this e-mail and in any attachments is confidential and is designated solely for the attention of the intended recipient(s). If you are not an intended recipient, you must not use, disclose, copy, distribute or retain this e-mail or any part thereof. If you have received this e-mail in error, please notify the sender by return e-mail and delete all copies of this e-mail from your computer system(s).
Please direct any additional queries to: firstname.lastname@example.org.
Silicon and Software Systems Limited (S3 Group). Registered in Ireland no. 378073.
Registered Office: South County Business Park, Leopardstown, Dublin 18