Description of problem:
if sssd uses dns discovery to look for ldap servers, then
the DNS zone to query for ldap server is specified with
the parameter "dns_discovery_domain" in sssd.conf, and the
parameter "ldap_uri" should not be declared.
If "dns_discovery_domain" is specified in sssd.conf, then
the configuration script 'authconfig' should not insert an
"ldap_uri"in sssd.conf, which it does.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. edit sssd.conf and declare a "dns_discovery_domain" domain
2. launch "authconfig" with apropriate flags: --ldapserver="ldap.example.com" --enableshadow --enablesssd --enablesssdauth --enableldap --enableldapauth --updateall
the following line has been added to sssd.conf :
ldap_uri = ldap.example.com
this line should not be inserted to sssd.conf
After tshark investigations, it sounds like when both "ldap_uri" and "dns_discovery_domain" are declared in sssd.conf, then sssd uses ldap servers declared in "ldap_uri" server rather than querying the dns to look for the relevant ldap server to work with.
Authconfig cannot recognize all the possible configuration options that sssd supports. Just do not use it at all, or use it just for pam configuration - that is use --enablesssd --enablesssdauth but not --enableldap and the ldapserver and related options.
I understand your point. I'm sure that I will be able to find a workaround.
However I beleived that authconfig should support some sort of "ldapdnsdiscovery" option.
I am sorry but we are not going to implement this feature at this time.