Ok, I have omitted the _srv_. I know the configuration is not logical, but SSSD should bind to adsever.example.com. But it does not - it tries to do _srv_ lookup anyway. It is a small bug, but it should be fixed I think.Can you paste how exactly the ldap_uri line looks? I presume you would like to try the service discovery first and if that fails, fall back to a hardcoded hostname. In that case, ldap_uri should say: ldap_uri = _srv_, adserver.example.com
I can not agree with that statement for 2 reasons:2. SSSD is unable to detect default Kerberos realm as per /etc/krb5.conf - I have to configure it manually 3. Why do we actually need to specify Kerberos realm and KDC? Isn't /etc/krb5.conf supposed to record these kind of parameters?I think this has both historical (we used to say you don't need /etc/krb5.conf at all with SSSD) and practical reasons - there can be more SSSD domains with different realms and KDCs at the same time.