#2393 failover: enable different dns discovery domain for AD subdomains
Opened 4 years ago by pbrezina. Modified 2 years ago

Current SRV AD plugin does not allow to set different dns discovery domains for trusted subdomains if dns_discovery_domain is set in sssd.conf. Therefore if the option is present, we always look up directory controllers in the domain configured in dns_discovery_domain. This means that the obtained servers for subdomains are wrong and we are not able to look up users and groups (unless the found dc is also gc).

Fields changed

blocking: => #2394

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.13 beta

Fields changed

rhbz: => 0

Fields changed

mark: => 0

This would be nice to have, but requires quite a bit of refactoring of the failover code.

milestone: SSSD 1.13 beta => SSSD 1.13 backlog

Mass-moving tickets not planned for the 1.13 release to 1.14

milestone: SSSD 1.13 backlog => SSSD 1.14 beta

This would be nice to have, but the changes required for the failover and responder refactoring are not scoped for the 1.14 release.

milestone: SSSD 1.14 beta => SSSD 1.15 beta
sensitive: => 0

Metadata Update from @pbrezina:
- Issue marked as blocked by: #2394
- Issue set to the milestone: SSSD Future releases (no date set yet)

2 years ago

Login to comment on this ticket.