#1973 Improve global catalog DNS SRV lookups
Closed: Fixed None Opened 5 years ago by sbose.

Currently the DNS domain name of the local AD domain is used to find global catalog servers with the help of DNS SRV lookups. But to reliably find the global catalog servers, not the DNS name of the local domain but the DNS name of the forest has to be used.

If the local domain is the forest root, all is working as expected. But if the local domain is some other domain in a forest this DNS SRV lookup will currently return no results.

A patch is attached to this ticket which uses the forest name, which is returned by the CLDAP ping together with the site name, for global catalog lookups.

But this patch is not complete because I still see issues if the returned global catalog server is from a different DNS domain. Additionally it might be useful to reorder the returned servers so that servers from the local DNS domain are queried first, because it can be assumed that they are 'nearer' than other servers.
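As an added example (not SSSD's code or the patch attached to this ticket) of the lookup change described above: it builds the site-specific and forest-wide `_gc._tcp` SRV names from the forest and site names that the CLDAP ping returns, queries them in order, and orders the answers so that servers in the local DNS domain come first. The `_gc._tcp` record names follow the standard AD DNS layout; the `resolve` callback, the constructed zone and the deterministic weight ordering are assumptions of this example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class SrvRecord:
    priority: int
    weight: int
    port: int
    target: str  # fully qualified DC host name

def gc_srv_names(forest, site=None):
    """SRV owner names for GC discovery, most specific first. The forest DNS
    name from the CLDAP ping is used, not the local domain: _gc records live
    under the forest root, so a lookup under a child domain returns nothing."""
    forest = forest.strip(".").lower()
    names = [f"_gc._tcp.{site}._sites.{forest}"] if site else []
    names.append(f"_gc._tcp.{forest}")
    return names

def in_domain(host, domain):
    """True if host's parent domain is exactly `domain` (not a parent or child)."""
    labels = host.strip(".").lower().split(".")
    return ".".join(labels[1:]) == domain.strip(".").lower()

def order_gc_servers(records, local_domain):
    """Local-domain servers first (assumed nearer), then RFC 2782 priority
    (lower first), ties by higher weight (a deterministic stand-in for the
    weighted random selection RFC 2782 prescribes)."""
    return sorted(records, key=lambda r: (not in_domain(r.target, local_domain),
                                          r.priority, -r.weight))

def discover_gc(resolve, forest, site, local_domain):
    """Query the site-specific, then the forest-wide name via resolve(name),
    which returns a list of SrvRecord; return the first non-empty answer, ordered."""
    for name in gc_srv_names(forest, site):
        answers = resolve(name)
        if answers:
            return order_gc_servers(answers, local_domain)
    return []

# Constructed sample zone: local domain child.example.com, forest example.com.
_ZONE = {"_gc._tcp.example.com": [
    SrvRecord(0, 100, 3268, "dc1.example.com."),
    SrvRecord(0, 100, 3268, "dc2.child.example.com."),
    SrvRecord(10, 50, 3268, "dc3.child.example.com.")]}

def fake_resolve(name):  # stands in for a real DNS SRV lookup (assumption)
    return _ZONE.get(name.lower(), [])

if __name__ == "__main__":
    for rec in discover_gc(fake_resolve, "example.com", "Berlin", "child.example.com"):
        print(rec.target, rec.port)
```

Querying `_gc._tcp.child.example.com` (the local domain's name, the behaviour this ticket fixes) returns nothing from the sample zone, while the forest-wide name does.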


Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.10.1

Fields changed

patch: 0 => 1

Fields changed

milestone: SSSD 1.10.1 => SSSD 1.10.0

resolution: => fixed
status: new => closed

Metadata Update from @sbose:
- Issue set to the milestone: SSSD 1.10.0
