A quick fix for https://fedorahosted.org/freeipa/ticket/4305

I'm aware that we were talking about putting realmd discovery into IPADiscovery class and stuff, but that is a bit beyond the scope of this ticket.

I will open ticket(s) tracking:

1.) Offload at least the IPA realm DNS discovery to realmd D-Bus interface
2.) rewrite (not refactoring: the stuff also needs a substantial functional redesign IMHO) of the DNS discovery in the client-side installers.

I will make sure that this effort is not forgotten and we are not left with yet-another temporary fix.

Martin^3 Babinsky
From 36f5626c3bbd930193f03576b01574fa00bdcf2f Mon Sep 17 00:00:00 2001
From: Martin Babinsky <mbabi...@redhat.com>
Date: Mon, 7 Mar 2016 17:41:15 +0100
Subject: [PATCH] only search for Kerberos SRV records when autodiscovery was

When a list of servers is passed to ipa-client-{install,automount} the search
of Kerberos and LDAP SRV records should be suppressed and the specified
hostnames used directly as LDAP servers/KDCs. We thus should not performed
search for KDCs when the autodiscovery was actually not requested.

 ipaclient/ipadiscovery.py | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/ipaclient/ipadiscovery.py b/ipaclient/ipadiscovery.py
index ed59529fbbf7f3973872439de377175c7a9d5589..1ba7c1a2d6ae071543b76812463d114de494c296 100644
--- a/ipaclient/ipadiscovery.py
+++ b/ipaclient/ipadiscovery.py
@@ -273,9 +273,13 @@ class IPADiscovery(object):
         if not servers and not realm:
             return REALM_NOT_FOUND
-        self.kdc = self.ipadnssearchkrbkdc()
-        self.kdc_source = (
-            'Discovered Kerberos DNS records from %s' % self.domain)
+        if autodiscovered:
+            self.kdc = self.ipadnssearchkrbkdc()
+            self.kdc_source = (
+                'Discovered Kerberos DNS records from %s' % self.domain)
+        else:
+            self.kdc = ', '.join(servers)
+            self.kdc_source = "Kerberos DNS record discovery bypassed"
         # We may have received multiple servers corresponding to the domain
         # Iterate through all of those to check if it is IPA LDAP server

Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to