Currently the DNS domain name of the local AD domain is used to find global catalog servers with the help of DNS SRV lookups. But to reliably find the global catalog servers, not the DNS name of the local domain but the DNS name of the forest has to be used.
If the local domain is the forest root, all is working as expected. But if the local domain is some other domain in a forest, this DNS SRV lookup will currently return no results.
A patch is attached to this ticket which uses the forest name, which is returned by the CLDAP ping together with the site name, for global catalog lookups.
But this patch is not complete because I still see issues if the returned global catalog server is from a different DNS domain. Additionally it might be useful to reorder the returned servers so that servers from the local DNS domain are queried first, because it can be assumed that they are 'nearer' than other servers.
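
The lookup and reordering described in this ticket, as an added example; it is not SSSD code and not the attached patch. The function names are hypothetical, the host, forest and site names are constructed, and the `_gc._tcp` SRV owner names are the ones Active Directory registers under the forest DNS name.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Build the SRV owner name for a global catalog lookup. The zone is the
 * forest DNS name (from the CLDAP ping), not the joined domain's name. */
int gc_srv_name(char *out, size_t len, const char *forest, const char *site)
{
    int n;
    if (forest == NULL || *forest == '\0') return -1;
    if (site != NULL && *site != '\0')
        n = snprintf(out, len, "_gc._tcp.%s._sites.%s", site, forest);
    else
        n = snprintf(out, len, "_gc._tcp.%s", forest);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;   /* -1 on truncation */
}

/* 1 if host lies inside domain: case-insensitive, label-aligned suffix. */
int host_in_domain(const char *host, const char *domain)
{
    size_t hl = strlen(host), dl = strlen(domain);
    if (dl == 0 || hl <= dl + 1) return 0;
    return host[hl - dl - 1] == '.' && strcasecmp(host + hl - dl, domain) == 0;
}

/* Stable partition: servers from local_domain move to the front, and the
 * order the resolver returned is kept inside each group. Returns how many
 * servers belong to the local domain. */
size_t prefer_local(const char **srv, size_t n, const char *local_domain)
{
    size_t front = 0;
    for (size_t i = 0; i < n; i++) {
        if (!host_in_domain(srv[i], local_domain)) continue;
        const char *hit = srv[i];
        memmove(&srv[front + 1], &srv[front], (i - front) * sizeof(*srv));
        srv[front++] = hit;
    }
    return front;
}

int main(void)
{
    /* Constructed sample: client joined to child.forest.example, site Site1. */
    char q[256];
    const char *srv[] = { "gc1.forest.example", "gc2.child.forest.example",
                          "gc3.other.forest.example", "gc4.child.forest.example" };
    if (gc_srv_name(q, sizeof(q), "forest.example", "Site1") == 0)
        printf("SRV query: %s\n", q);
    prefer_local(srv, 4, "child.forest.example");
    for (size_t i = 0; i < 4; i++) printf("%s\n", srv[i]);
    return 0;
}
```

The suffix match is label-aligned so that a host such as `xchild.forest.example` is not mistaken for a member of `child.forest.example`.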
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=974150
rhbz: => [https://bugzilla.redhat.com/show_bug.cgi?id=974150 974150]
milestone: NEEDS_TRIAGE => SSSD 1.10.1
patch: 0 => 1
milestone: SSSD 1.10.1 => SSSD 1.10.0
resolution: => fixed
status: new => closed
Metadata Update from @sbose:
- Issue set to the milestone: SSSD 1.10.0