Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.2

We will add two new options to the ipa provider: {{{ipa_dyndns_update}}} (default: {{{False}}}) and {{{ipa_dyndns_iface}}} (default: whichever interface connects to the FreeIPA LDAP server)

The logic we are going to implement is as follows:

After a connection to the FreeIPA LDAP server has been established, if dynamic DNS is enabled, we will first perform a DNS lookup against the FreeIPA server for the IP address associated with the {{{ipa_hostname}}}. We will then compare this to the IP address associated with the {{{ipa_dyndns_iface}}} (or the IP address associated with the connection to the FreeIPA LDAP server, if {{{ipa_dyndns_iface}}} is not available).

If the two IP addresses do not match, we will fork a child process to invoke the {{{nsupdate}}} command, and use GSS-TSIG, authenticated with the host keytab, to update the FreeIPA DNS server with the new IP address.

doc: 0 => 1
status: new => assigned

Fixed by f432c0b

The plan described above was changed slightly. It was decided that it makes more sense to simply attempt the update upon going online, rather than first check for differences. The overhead to check for changes in the IP was unnecessary considering that going online was a rare occurrence.

David, when adding this to the documentation, please not the two sssd.conf options listed above, and that this applies only to FreeIPA v2 with DNS set up.

cc: => obriend
fixedin: => 1.2.0
resolution: => fixed
status: assigned => closed

Fields changed

doc: 1 => 0
docupdated: 0 => 1

Fields changed

rhbz: => 0

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/1410

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.