2.8. SSSD Clients and Active Directory DNS Site Autodiscovery
- SSSD queries SRV records from the DNS server in the AD forest. The returned records contain the names of DCs in the forest.
- SSSD sends an LDAP ping to each of these DCs. If a DC does not respond within a configured interval, the request times out and SSSD sends the LDAP ping to the next one. If the connection succeeds, the response contains information about the AD site the SSSD client belongs to.
- SSSD then queries SRV records from the DNS server to locate DCs within the site it belongs to, and connects to one of them.
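The three steps above, modelled as an added Python example (not SSSD's own code) so the timeout fallback and the site-scoped lookup can be traced offline. The DNS lookup and LDAP ping are passed in as functions; `_ldap._tcp.<site>._sites.<domain>` is the standard AD site-scoped SRV name, while the host names, the `Prague` site and the timeout value are constructed.

```python
# Added illustration, not SSSD code; all names and records are constructed.
def srv_name(domain, site=None):
    """SRV owner name: forest-wide when site is None, else site-scoped."""
    return f"_ldap._tcp.{site}._sites.{domain}" if site else f"_ldap._tcp.{domain}"

def order_targets(records):
    """Sort (priority, weight, port, target) tuples; lowest priority first.
    Simplification: ties go to the higher weight, not RFC 2782's weighted draw."""
    return [r[3] for r in sorted(records, key=lambda r: (r[0], -r[1]))]

def discover_site_dc(domain, resolve_srv, ldap_ping, timeout_s):
    """Return (site, dc). ldap_ping raises TimeoutError if a DC is silent."""
    # Step 1: forest-wide SRV query yields candidate DCs.
    candidates = order_targets(resolve_srv(srv_name(domain)))
    # Step 2: LDAP ping each DC; on timeout, fall through to the next.
    for dc in candidates:
        try:
            site = ldap_ping(dc, timeout_s)
            break
        except TimeoutError:
            continue
    else:
        raise RuntimeError("no DC answered the LDAP ping")
    # Step 3: site-scoped SRV query, then pick a DC in that site.
    site_dcs = order_targets(resolve_srv(srv_name(domain, site)))
    if not site_dcs:
        raise RuntimeError(f"no SRV records published for site {site!r}")
    return site, site_dcs[0]

def demo():
    """Run the sequence over constructed records; dc1 is unreachable."""
    zone = {
        "_ldap._tcp.ad.example.com": [
            (0, 100, 389, "dc1.ad.example.com"),
            (0, 100, 389, "dc2.ad.example.com"),
            (0, 50, 389, "dc3.ad.example.com")],
        "_ldap._tcp.Prague._sites.ad.example.com": [
            (0, 100, 389, "dc3.ad.example.com")],
    }
    tried = []
    def ping(dc, timeout_s):
        tried.append(dc)
        if dc == "dc1.ad.example.com":
            raise TimeoutError(dc)
        return "Prague"  # constructed site name
    return discover_site_dc("ad.example.com", lambda n: zone.get(n, []), ping, 5), tried

if __name__ == "__main__":
    print(demo())
```

The site is reported by whichever DC answers the ping first, and the DC finally chosen comes from the second SRV lookup, so both the DNS answers and the site mapping determine where the client authenticates.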
ad_site option in the [domain] section of the
- See the sssd-ad(5) man page for details on
- For environments with a trust between Identity Management and Active Directory, see Section 5.6, “Restricting Identity Management or SSSD to Selected Active Directory Servers or Sites in a Trusted Active Directory Domain”.