Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
For backwards-compatibility with older versions of the SSSD (such
as 1.2.x), we need to be able to have our DNS SRV record lookup be
capable of falling back to using the SSSD domain name as the DNS
discovery domain.
This patch modifies our DNS lookups so that they behave as
follows:
If dns_discovery_domain is specified, it is considered
authoritative. No other discovery domains will be attempted.
If dns_discovery_domain is not specified, we first attempt to look
up the SRV records using the domain portion of the machine's
hostname. If this returns "NOTFOUND", we will try performing an
SRV record query using the SSSD domain name as the DNS discovery
domain.
https://fedorahosted.org/sssd/ticket/754
|
|
Before setting the backend to online during a reset offline request the
check_online method if the ID provider is called. If the check_online
method returns that the ID provider is still not reachable the backend
stays offline. Otherwise the backend is switched to online and the
related callbacks are run.
Additionally the check online test is called during the res_init request
because a change in /etc/resolve.conf might also make a server reachable
which was assumed offline before.
|
|
https://fedorahosted.org/sssd/ticket/691
|
|
server was unexpectedly dropped.
|
|
through SRV records) failover servers.
|
|
The service discovery used to use the SSSD domain name to perform DNS
queries. This is not an optimal solution, for example from the point of
view of authconfig.
This patch introduces a new option "dns_discovery_domain" that allows to set
the domain part of a DNS SRV query. If this option is not set, the
default behavior is to use the domain part of the machine's hostname.
Fixes: #479
|
|
|
|
Integrate the failover improvements with our back ends. The DNS domain
used in the SRV query is always the SSSD domain name.
Please note that this patch changes the default value of ldap_uri from
"ldap://localhost" to "NULL" in order to use service discovery with no
server set.
|
|
We had a hard-coded timeout of five seconds for DNS lookups in the
async resolver. This patch adds an option 'dns_resolver_timeout'
to specify this value (Default: 5)
|
|
Adds a new option that tells resolver which address family to prefer or
use exclusively.
Fixes: #404
|
|
Also update BUILD.txt
|