Martin Kosek wrote:
> On 12/04/2015 07:17 PM, Tomas Babej wrote:
>> Avoids failing in the later stages during the ipa-client-install
> Is this change needed? Wouldn't it be better to update
> ipa-client-install or ipa-replica-install to not require the --domain
> option? I would hope that --domain can be figured out during
> installation and not passed to ipa-replica-install manually by the admin.
> I just think that calling
> # ipa-replica-install --server=master.example.com
> is better than
> # ipa-replica-install --server=master.example.com --domain example.com
> if possible.
IIRC this is for service discovery when using a specific server and not
LDAP. This is the domain used to search for the kerberos realm, for
That isn't to say this isn't discoverable but it would require another
function in discovery to query what the IPA domain is from the given
master but it gets tricky if anonymous search is disabled, for example.
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code