Unclear what is the value though... Revisit in 2.2

The value is that it will allow FreeIPA to coexist better in mixed environments. Currently, if ActiveDirectory owns _ldap._tcp for the domain, SSSD clients cannot use service discovery.

If we provide a separate _ipa._tcp SRV record, then both Windows and SSSD clients can coexist easily.

But how you make the clients that look for ldap or kerberos suddenly look for IPA? We can do the changes to ipa-client or SSSD but not to Kerberos for example. So does it really help?

Dmitri, this is an additional feature, it should not REPLACE _ldap._tcp or _krb5._tcp, it should complement it. SSSD can be set to prefer _ipa._tcp and fall back to _ldap._tcp. Other clients can continue to use _ldap._tcp or can be enhanced to look for _ipa._tcp if they also want to avoid this ambiguity.

Right now, it would be a clear value-add for SSSD with FreeIPA.

Suggestion from Simo/Dmitri: have several records one ipa kerberos, another for ipa ldap and one for ipa rpc.

We should probably have multiple SRV records as we do still want to be able to have a ipa ldap replica (a future read only one for example) that doe snot host a krb server. So the 2 should be disjunct.

Something like ldap._tcp._ipa, _kerb5._udp._ipa, _krb5._tcp._ipa may make sense.

We should solve ticket:4998 at the same time so the randomly-selected server is printed or logged somewhere.

Also, we might think about introducing _srv_ option for /etc/ipa/default.conf so the behavior can be controlled in similar way as with SSSD.
(The option host should be multivalued, of course.).