while investigating a problem reported on ipa-users, I found out that
check_domain() method in ipaclient/ipadiscovery.py checks _ldap._tcp SRV
This seems to be based on assumption that IPA client is in the same DNS
sub-tree as the main IPA domain.
IMHO it would be better to find _kerberos TXT record in client's domain (or
its parent domains) and then check _ldap._tcp SRV records in domain pointed to
by _kerberos record.
Do you agree? Am I missing something?
ipadiscovery.py could be re-used in ipa-server-install as mechanism to detect
attempts to install IPA into a DNS domain which is already occupied by another
IPA, or AD, or something else.
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code