#1973 Improve global catalog DNS SRV lookups
Closed: Fixed. Opened 7 years ago by sbose.

Currently the DNS domain name of the local AD domain is used to find global catalog servers with the help of DNS SRV lookups. But to reliably find the global catalog servers, not the DNS name of the local domain but the DNS name of the forest has to be used.

If the local domain is the forest root, all is working as expected. But if the local domain is some other domain in a forest, this DNS SRV lookup will currently return no results.

A patch is attached to this ticket which uses the forest name, which is returned by the CLDAP ping together with the site name, for global catalog lookups.

But this patch is not complete because I still see issues if the returned global catalog server is from a different DNS domain. Additionally, it might be useful to reorder the returned servers so that servers from the local DNS domain are queried first, because it can be assumed that they are 'nearer' than other servers.
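The lookup change and the suggested reordering, as an added Python example that is not the SSSD patch attached to this ticket: it builds the `_gc._tcp` SRV names from the forest name (and the site name the CLDAP ping returns), shows that the same names built from a child domain return nothing, and ranks the answers with local-domain servers first. The resolver is replaced by a constructed in-memory zone (`CONSTRUCTED_ZONE`); all host and domain names are made up for the example.

```python
from collections import namedtuple

SrvRecord = namedtuple("SrvRecord", "priority weight port target")

# Constructed sample zone (SRV name -> records) standing in for a resolver:
# forest root example.com with child domain child.example.com. Only the
# forest name carries _gc._tcp records, which is the ticket's point.
CONSTRUCTED_ZONE = {
    "_gc._tcp.example.com.": [
        SrvRecord(0, 100, 3268, "dc1.example.com."),
        SrvRecord(0, 100, 3268, "dc1.child.example.com."),
        SrvRecord(10, 50, 3268, "dc2.child.example.com."),
        SrvRecord(0, 200, 3268, "dc1.other.example.com."),
    ],
}


def gc_srv_names(forest_dns_name, site_name=None):
    """SRV names that locate global catalog servers: the site-specific name
    (nearest servers) first, then the forest-wide name."""
    names = []
    if site_name:
        names.append(f"_gc._tcp.{site_name}._sites.{forest_dns_name}.")
    names.append(f"_gc._tcp.{forest_dns_name}.")
    return names


def lookup_gc(zone, dns_name, site_name=None):
    """First non-empty answer for the names above; [] when the name given
    is a child domain rather than the forest (the bug this ticket fixes)."""
    for name in gc_srv_names(dns_name, site_name):
        if zone.get(name):
            return list(zone[name])
    return []


def in_dns_domain(target, dns_domain):
    """True when the SRV target host lies in dns_domain (or below it)."""
    host = target.lower().rstrip(".")
    return host.endswith("." + dns_domain.lower().rstrip("."))


def order_gc_servers(records, local_dns_domain):
    """Local-domain servers first (the reordering the ticket suggests), then
    RFC 2782 order inside each group: lowest priority, highest weight."""
    return sorted(records, key=lambda r: (
        not in_dns_domain(r.target, local_dns_domain), r.priority, -r.weight))
```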

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.10.1

Fields changed

patch: 0 => 1

Fields changed

milestone: SSSD 1.10.1 => SSSD 1.10.0

resolution: => fixed
status: new => closed

Metadata Update from @sbose:
- Issue set to the milestone: SSSD 1.10.0

3 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/3015

If you want to receive further updates on the issue, please navigate to the github issue
and click on the subscribe button.

Thank you for understanding. We apologize for all inconvenience.
