mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-23 15:40:01 -06:00
On a master configure sssd to only talk to the local master.
Otherwise it is possible for sssd to pick a different master to communicate with via the DNS SRV records and if the remote master goes down the local one will have problems as well. ticket https://fedorahosted.org/freeipa/ticket/1187
This commit is contained in:
parent
5f23c29d70
commit
d0af8b28d7
@ -528,7 +528,11 @@ def configure_sssd_conf(fstore, cli_realm, cli_domain, cli_server, options):
|
||||
domain = sssdconfig.new_domain(cli_domain)
|
||||
domain.add_provider('ipa', 'id')
|
||||
|
||||
domain.set_option('ipa_server', '_srv_, %s' % cli_server)
|
||||
if not options.on_master:
|
||||
domain.set_option('ipa_server', '_srv_, %s' % cli_server)
|
||||
else:
|
||||
# the master should only use itself for Kerberos
|
||||
domain.set_option('ipa_server', cli_server)
|
||||
domain.set_option('ipa_domain', cli_domain)
|
||||
if options.hostname:
|
||||
domain.set_option('ipa_hostname', options.hostname)
|
||||
|
Loading…
Reference in New Issue
Block a user