Learn more about these different git repos.
Other Git URLs
Let's have a forest, say AD.EXAMPLE.COM, under which there is subdomain TEST listed as a trusted subdomain, i.e. record: CN=test.ad.example.com,CN=System,DC=ad,DC=example,DC=com exists. Now let's assume this is a left-over record for a domain which has actually been removed already (so no other records in DNS or ldap or wherever exists for it)
SSSD is unable to detect the domain does not exist so is still trying to find DCs for it. It won't find any (of course), fails and goes offline.
We should make SSSD more misconfiguration friendly so it won't be that easy to confuse it.
Since we fixed #2637 the non-existing domain would only be disabled, not the whole sssd_be. I guess that would help?
Yes, that would probably do the job - however, can't confirm this as this fix hasn't found its way into RH-6 repo yet.
Patches are already in sssd-1.13.1. So you can test with copr repo. https://copr.fedoraproject.org/coprs/lslebodn/sssd-1-13/
Unfortunately I have no means how to replicate the issue (fixed the AD infrastructure here already). I think you can close this issue.
Given the last comment and also given we suspect the issue is closed in 1.13 already, I'm closing the ticket.
resolution: => worksforme status: new => closed
Metadata Update from @ondrejv2: - Issue set to the milestone: NEEDS_TRIAGE
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/3883
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.