On 7.12.2015 16:43, Martin Kosek wrote:
On 12/07/2015 02:17 PM, Tomas Babej wrote:
On 12/04/2015 08:22 PM, Rob Crittenden wrote:
Martin Kosek wrote:
On 12/04/2015 07:17 PM, Tomas Babej wrote:
Avoids failing in the later stages during the ipa-client-install
Is this change needed? Wouldn't it be better to update
ipa-client-install or ipa-replica-install to not require the --domain
option? I would hope that --domain can be figured out during
installation and not passed to ipa-replica-install manually by the admin.
I just think that calling
# ipa-replica-install --server=master.example.com
is better than
# ipa-replica-install --server=master.example.com --domain example.com
IIRC this is for service discovery when using a specific server and not
LDAP. This is the domain used to search for the kerberos realm, for
That isn't to say this isn't discoverable but it would require another
function in discovery to query what the IPA domain is from the given
master but it gets tricky if anonymous search is disabled, for example.
Needed or not, this is the behaviour that ipa-client-install has now.
Adding a domain detection method would be a RFE for ipa-client-install
(and imho not something we should be adding at this point).
This patch only focuses on making the ipa-replica-install work more
I am just thinking that client promotion (ipa-replica-install) and
ipa-client-install are a bit different use cases. While ipa-client-install
should be typically run in auto-discovery and you thus do not use --server
option much, while with ipa-replica-install, you want to make sure you have the
expected topology and should use --server all the time without gambling on it.
But I do not think it has to be there since 4.3 GA, can you please file a
ticket for this gap?
I would rather do it now, because the change from optional to mandatory
is backward incompatible. (We don't want to break users' scripts, right?)
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code