On 12/07/2015 02:17 PM, Tomas Babej wrote: > > > On 12/04/2015 08:22 PM, Rob Crittenden wrote: >> Martin Kosek wrote: >>> On 12/04/2015 07:17 PM, Tomas Babej wrote: >>>> Hi, >>>> >>>> Avoids failing in the later stages during the ipa-client-install >>>> command. >>>> >>>> Tomas >>> >>> Is this change needed? Wouldn't it be better to update >>> ipa-client-install or ipa-replica-install to not require the --domain >>> option? I would hope that --domain can be figured out during >>> installation and not passed to ipa-replica-install manually by the admin. >>> >>> I just think that calling >>> # ipa-replica-install --server=master.example.com >>> is better than >>> # ipa-replica-install --server=master.example.com --domain example.com >>> if possible. >> >> IIRC this is for service discovery when using a specific server and not >> LDAP. This is the domain used to search for the kerberos realm, for >> example. >> >> That isn't to say this isn't discoverable but it would require another >> function in discovery to query what the IPA domain is from the given >> master but it gets tricky if anonymous search is disabled, for example. >> >> rob >> > > Needed or not, this is the behaviour that ipa-client-install has now. > Adding a domain detection method would be a RFE for ipa-client-install > (and imho not something we should be adding at this point). > > This patch only focuses on making the ipa-replica-install work more > smoothly.
I am just thinking that client promotion (ipa-replica-install) and ipa-client-install are a bit different use cases. While ipa-client-install should be typically run in auto-discovery and you thus do not use --server option much, while with ipa-replica-install, you want to make sure you have the expected topology and should use --server all the time without gambling on it. But I do not think it has to be there since 4.3 GA, can you please file a ticket for this gap? -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code