5.4. Configuring DNS Service Discovery
DNS service discovery enables applications to check the SRV records in a given domain for services of a certain type, and then returns any servers that match the required type. If the identity or authentication server is not explicitly defined in the /etc/sssd/sssd.conf file, SSSD can discover the server dynamically using DNS service discovery.

For example, if sssd.conf includes the id_provider = ldap setting, but the ldap_uri option does not specify any host name or IP address, SSSD uses DNS service discovery to discover the server dynamically.

SSSD cannot dynamically discover backup servers, only the primary server.
Prerequisites
- root access
Procedure
- Open the /etc/sssd/sssd.conf file. Set the primary server value to _srv_. For an LDAP provider, the primary server is set using the ldap_uri option:

    [domain/your-domain-name]
    id_provider = ldap
    ldap_uri = _srv_

- Enable service discovery in the password change provider by setting a service type:

    [domain/your-domain-name]
    id_provider = ldap
    ldap_uri = _srv_
    chpass_provider = ldap
    ldap_chpass_dns_service_name = ldap

- Optional: By default, the service discovery uses the domain portion of the system host name as the domain name. To use a different DNS domain, specify the domain name by using the dns_discovery_domain option.
- Optional: By default, the service discovery scans for the LDAP service type. To use a different service type, specify the type by using the ldap_dns_service_name option.
- Optional: By default, SSSD attempts to look up an IPv4 address. If the attempt fails, SSSD attempts to look up an IPv6 address. To customize this behavior, use the lookup_family_order option.
- For every service with which you want to use service discovery, add an SRV record to the DNS server:

    _service._protocol._domain TTL priority weight port host_name
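To make the lookup that the procedure above configures concrete, the following added example (not code from the page, the SSSD project, or Red Hat) parses SRV records in the format shown, orders the targets as RFC 2782 prescribes (lowest priority first, weighted random draw within a priority), and then picks an address per target following the lookup_family_order semantics (IPv4 first, falling back to IPv6 by default). The zone data, host names and addresses are constructed sample values, and the family-order table and seed parameter are assumptions of this example.

```python
import random

# Constructed sample zone data (not from the page): SRV records of the form
# "_service._protocol.domain TTL [IN SRV] priority weight port host_name".
ZONE = """
_ldap._tcp.example.com. 3600 IN SRV 0 60 389 ldap1.example.com.
_ldap._tcp.example.com. 3600 IN SRV 0 40 389 ldap2.example.com.
_ldap._tcp.example.com. 3600 IN SRV 10 0 636 ldap3.example.com.
"""
# Constructed A/AAAA data; ldap3 deliberately has only an IPv6 address.
ADDRESSES = {("ldap1.example.com", "A"): "192.0.2.10",
             ("ldap2.example.com", "A"): "192.0.2.11", ("ldap2.example.com", "AAAA"): "2001:db8::11",
             ("ldap3.example.com", "AAAA"): "2001:db8::12"}
# Assumed mapping of lookup_family_order values to the record types tried, in order.
FAMILY_ORDER = {"ipv4_first": ("A", "AAAA"), "ipv6_first": ("AAAA", "A"),
                "ipv4_only": ("A",), "ipv6_only": ("AAAA",)}

def parse_srv(zone_text):
    """Return (priority, weight, port, target) tuples; the last four fields carry them."""
    records = []
    for line in zone_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("_"):
            continue  # blank line, comment or a record that is not an SRV owner name
        prio, weight, port = (int(x) for x in fields[-4:-1])
        records.append((prio, weight, port, fields[-1].rstrip(".")))
    return records

def order_rfc2782(records, seed=0):
    """RFC 2782 ordering: lowest priority first; within a priority, weighted random draw."""
    rng = random.Random(seed)  # seeded so the order is reproducible in tests
    ordered = []
    for prio in sorted({r[0] for r in records}):
        # zero-weight targets go first so they are picked only when the draw lands on 0
        pool = sorted((r for r in records if r[0] == prio), key=lambda r: r[1] != 0)
        while pool:
            pick = rng.randint(0, sum(r[1] for r in pool))
            running = 0
            for i, r in enumerate(pool):
                running += r[1]
                if running >= pick:
                    ordered.append(pool.pop(i))
                    break
    return ordered

def discover(zone_text, addresses, family_order="ipv4_first", seed=0):
    """SRV -> ordered targets -> first address in family order; unresolvable targets are skipped."""
    result = []
    for _, _, port, target in order_rfc2782(parse_srv(zone_text), seed):
        for fam in FAMILY_ORDER[family_order]:
            if (target, fam) in addresses:
                result.append((target, port, addresses[(target, fam)]))
                break
    return result
```

Note that with ipv4_only the IPv6-only host drops out of the list entirely, which is the kind of silent loss worth checking when a server seems to disappear after changing lookup_family_order.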
Additional resources
- RFC 2782 on DNS service discovery
- The sssd.conf(5) man page