Description of problem: if sssd uses dns discovery to look for ldap servers, then the DNS zone to query for ldap server is specified with the parameter "dns_discovery_domain" in sssd.conf, and the parameter "ldap_uri" should not be declared. If "dns_discovery_domain" is specified in sssd.conf, then the configuration script 'authconfig' should not insert an "ldap_uri"in sssd.conf, which it does. Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. edit sssd.conf and declare a "dns_discovery_domain" domain 2. launch "authconfig" with apropriate flags: --ldapserver="ldap.example.com" --enableshadow --enablesssd --enablesssdauth --enableldap --enableldapauth --updateall 3. "ldap_uri" Actual results: the following line has been added to sssd.conf : ldap_uri = ldap.example.com Expected results: this line should not be inserted to sssd.conf Additional info: After tshark investigations, it sounds like when both "ldap_uri" and "dns_discovery_domain" are declared in sssd.conf, then sssd uses ldap servers declared in "ldap_uri" server rather than querying the dns to look for the relevant ldap server to work with.
Authconfig cannot recognize all the possible configuration options that sssd supports. Just do not use it at all, or use it just for pam configuration - that is use --enablesssd --enablesssdauth but not --enableldap and the ldapserver and related options.
Hi Tomas, I understand your point. I'm sure that I will be able to find a workaround. However I beleived that authconfig should support some sort of "ldapdnsdiscovery" option. --- Olivier
I am sorry but we are not going to implement this feature at this time.