Dmitri Pal wrote:
Does ipa-client-install bring admin utils? What is its purpose?It configures the machine to be an IPA client. It configures nss_ldap, etc. It also creates some configuration files we need such as what IPA server to talk to and the CA cert for that server.I though the sequence of operations would be somewhat (do not look at the names, I do not expect them to be exactly as I put them): yum install ipa-client-enrollment ipa-enroll ... The enroll will also do some configuration as it used to do in v1 but other than that I expected the mentioned sequence. I scanned quickly through the patch but was not able to see whether things work as I expect or not.I did this as a separate step. It can be included in the ipa-client-install sequence though it currently is not.IMO the logic should be a bit reverse. The enrollment script should invoke the old IPA client installation script (somewhere at the beginning of the enrollment process) internally if SSSD is not detected. If SSSD is detected it should configure IPA back end as a part of the enrollment and not touch nss_ldap in this case. Optionally we probably can configure automount or some other maps (but I am not sure that was/is a requirement at the moment).
This patch covers just host enrollment, no other settings. rob
Description: S/MIME Cryptographic Signature
_______________________________________________ Freeipa-devel mailing list Freeipaemail@example.com https://www.redhat.com/mailman/listinfo/freeipa-devel