On 03/15/2011 09:22 AM, Rob Crittenden wrote:
We now use TLS for the LDAP connection so need to fetch the IPA CA remotely very early in the process. Because we weren't honoring the server flags when doing DNS discovery we didn't know where to fetch the CA from.

ticket 1090


Freeipa-devel mailing list
Patched code can be simplified like this.
From a36bc4ee93d13c28f8edf2bb94eb4dbfc25be568 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcrit...@redhat.com>
Date: Tue, 15 Mar 2011 09:12:35 -0400
Subject: [PATCH] Always consider domain and server when doing DNS discovery in client.

When not on master we weren't passing in the user-supplied domain and
server. Because of changes made that require TLS on the LDAP calls
we always need the server name early in the process to retrieve the IPA
CA certificate.

ticket 1090
 ipa-client/ipa-install/ipa-client-install |   12 ++++--------
 1 files changed, 4 insertions(+), 8 deletions(-)

diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index 720e8135326c12aedebf11d958370e5f5d839be2..4ff4c458eb127efab967ee36e0463717a2848e61 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -684,10 +684,8 @@ def main():
     # Create the discovery instance
     ds = ipaclient.ipadiscovery.IPADiscovery()
-    if options.on_master:
-        ret = ds.search(domain=options.domain, server=options.server)
-    else:
-        ret = ds.search()
+    ret = ds.search(domain=options.domain, server=options.server)
     if ret == -10:
         print >>sys.stderr, "Can't get the fully qualified name of this host"
         print >>sys.stderr, "Please check that the client is properly configured"
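
Review bot: The now-unconditional call "ret = ds.search(domain=options.domain, server=options.server)" passes both options even when the user supplied neither, so it relies on search() treating unset values exactly like the old argument-less ds.search(). Please confirm that, or add a short comment above the call saying so. Since the commit message says this server is where the IPA CA certificate is retrieved from, it would also help to log whether the server came from the command line or from DNS discovery. Separately, the bare -10 in "if ret == -10:" would read better as a named constant.
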
@@ -703,10 +701,8 @@ def main():
             print "DNS discovery failed to determine your DNS domain"
             cli_domain = user_input("Please provide the domain name of your IPA server (ex: example.com)", allow_empty = False)
             logging.debug("will use domain: %s\n", cli_domain)
-        if options.on_master:
-            ret = ds.search(domain=cli_domain, server=options.server)
-        else:
-            ret = ds.search(domain=cli_domain)
+        ret = ds.search(domain=cli_domain, server=options.server)
     if not cli_domain:
         if ds.getDomainName():
             cli_domain = ds.getDomainName()
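
Review bot: The result of the retry "ret = ds.search(domain=cli_domain, server=options.server)" is not examined in the lines shown; control goes straight to "if not cli_domain:". If ret is not checked further down, a second failed search would pass silently, so consider handling the failure here the same way the first call's -10 case is handled. It is also worth a comment that options.server is reused unchanged with the interactively entered cli_domain, since nothing in this hunk checks that the supplied server belongs to that domain.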
