On 10/02/2013 05:24 PM, Martin Kosek wrote:
> On 10/02/2013 05:17 PM, Petr Vobornik wrote:
>> On 09/18/2013 06:42 PM, Ana Krivokapic wrote:
>>> Hello,
>>>
>>> This patch addresses ticket https://fedorahosted.org/freeipa/ticket/3908.
>>>
>>
>> The patch does what it advertises - it uses fqdn every time for msdcs SRV
>> records.
>>
>> It's not consistent with other DNS SRV records, where fqdn is used only when
>> IPA server is not in the IPA DNS domain.
>>
>> bindinstance.py uses this code to address the same issue:
>>
>>     host, zone = fqdn.split(".", 1)
>>
>>     if normalize_zone(zone) == normalize_zone(self.domain):
>>         host_in_rr = host
>>     else:
>>         host_in_rr = normalize_zone(fqdn)
>>
>> Alexander suggests the same solution
>> <https://fedorahosted.org/freeipa/ticket/3908#comment:1>
>
> Yes, I think we should be fixed.
>
> When I was looking at the AD SRV records using this patch, it just looked
> confusing - some records relative, some were absolute. This could bite us later
> when for example removing or changing these records.
>
> Martin
>

Given we need to fix that soon and Ana is away ATM, I am sending my candidate
patch - worked for me.

Martin

From 5248f99f5d2a2e5bcd0903899ccad6783ca2add0 Mon Sep 17 00:00:00 2001 From: Martin Kosek <mko...@redhat.com> Date: Thu, 3 Oct 2013 09:43:08 +0200 Subject: [PATCH] Use FQDN when creating MSDCS SRV records When IPA server hostname is outside of default DNS domain, instead of relative domain name, FQDN should be used. https://fedorahosted.org/freeipa/ticket/3908 --- ipaserver/install/adtrustinstance.py | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/ipaserver/install/adtrustinstance.py b/ipaserver/install/adtrustinstance.py index 5839b2f176bc7680fb6d63c9b0321b271e82ef71..586e03165dbc9866509a83e434914b6f00da2f5f 100644 --- a/ipaserver/install/adtrustinstance.py +++ b/ipaserver/install/adtrustinstance.py @@ -31,6 +31,7 @@ from ipaserver.install.bindinstance import get_rr, add_rr, del_rr, \ dns_zone_exists from ipalib import errors, api +from ipalib.util import normalize_zone from ipapython.dn import DN from ipapython import sysrestore from ipapython import ipautil @@ -506,13 +507,19 @@ def __add_dns_service_records(self): """ zone = self.domain_name - host = self.fqdn.split(".")[0] + host, host_domain = self.fqdn.split(".", 1) + + if normalize_zone(zone) == normalize_zone(host_domain): + host_in_rr = self.fqdn.split(".")[0] + else: + host_in_rr = normalize_zone(self.fqdn) + priority = 0 ipa_srv_rec = ( - ("_ldap._tcp", [self.srv_rec(host, 389, priority)], 389), - ("_kerberos._tcp", [self.srv_rec(host, 88, priority)], 88), - ("_kerberos._udp", [self.srv_rec(host, 88, priority)], 88), + ("_ldap._tcp", [self.srv_rec(host_in_rr, 389, priority)], 389), + ("_kerberos._tcp", [self.srv_rec(host_in_rr, 88, priority)], 88), + ("_kerberos._udp", [self.srv_rec(host_in_rr, 88, priority)], 88), ) win_srv_suffix = (".Default-First-Site-Name._sites.dc._msdcs", ".dc._msdcs") -- 1.8.3.1
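
Review bot: In the matching-domain branch of __add_dns_service_records, host_in_rr = self.fqdn.split(".")[0] splits the FQDN a second time even though host was just unpacked from self.fqdn.split(".", 1) two lines earlier; assigning host_in_rr = host would match the bindinstance.py snippet quoted in the thread and keep the two code paths identical. The new two-target unpacking also raises ValueError when self.fqdn contains no dot, where the previous split(".")[0] did not, so either guard that case or add a comment stating that a single-label hostname cannot reach this method. A short comment above the if/else saying why the record target is relative in one case and absolute in the other would help whoever later removes or changes these records.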