On Wed, Aug 28, 2013 at 03:48:25PM +0200, Pavel Březina wrote: > On 08/28/2013 12:31 PM, Jakub Hrozek wrote: > >On Tue, Aug 27, 2013 at 03:10:51PM +0200, Pavel Březina wrote: > >>On 08/27/2013 02:57 PM, Jakub Hrozek wrote: > >>>On Tue, Aug 27, 2013 at 12:01:45PM +0200, Pavel Březina wrote: > >>>>On 08/18/2013 09:45 PM, Jakub Hrozek wrote: > >>>>>https://fedorahosted.org/sssd/ticket/1964 > >>>>> > >>>>>Currently the AD sites are enabled unconditionally > >>>> > >>>>Hi, > >>>>at the moment, there cannot be set two srv plugins on one fail over > >>>>context: > >>>> > >>>>[ad_failover_init] (0x0100): No primary servers defined, using > >>>>service discovery > >>>>[fo_add_srv_server] (0x0400): Adding new SRV server to service > >>>>'gc_ad.pb' using 'tcp'. > >>>>[fo_add_srv_server] (0x0400): Adding new SRV server to service > >>>>'ad.pb' using 'tcp'. > >>>>[_ad_servers_init] (0x0100): Added service discovery for AD > >>>>[be_fo_set_srv_lookup_plugin] (0x0400): Trying to set SRV lookup > >>>>plugin to AD > >>>>[sssd[be[ipa.pb]]] [fo_set_srv_lookup_plugin] (0x0080): SRV lookup > >>>>plugin is already set > >>>>[sssd[be[ipa.pb]]] [be_fo_set_srv_lookup_plugin] (0x0080): Unable to > >>>>set SRV lookup plugin, another plugin may be already in place > >>>> > >>>>So unfortunately, the change won't be that trivial :-( > >>> > >>>Ugh, sorry, I thought I tested the patch..apparently I was wrong. > >>> > >>>Maybe we can abuse the fact that IPA installer only ever puts the local > >>>replica hostname to the ipa_server parameter and not use any resolve > >>>plugin in the server mode? > >>> > >>>See attached patch. I'm wondering whether to extend it with a warning > >>>for cases where some admin overriden the ipa_server directive. > >>> > >>>Or even better, read the ipa_server list, if there is no _srv_ keyword, > >>>proceed as the attached patch, if there is a _srv_ keyword, then don't > >>>enable the AD sites? (This I think would be mostly sanity checking, I > >>>don't think anyone would run such a setup) > >> > >>This solution sounds good. > >> > >>At the moment if sssd is in ipa server mode, ipa_enable_dns_sites = > >>false (default) and _srv_ is set, no plugin is specified and srv > >>resolution won't work. Thus I will actually require you to implement > >>the last paragraph before I give it a go :-) > >> > >>Otherwise LGTM. > > > >OK, see attached patch. > > Ack.
Pushed to master. _______________________________________________ sssd-devel mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
