Hi Rob,

Thanks for the info. Sure I will create the ticket and will certainly try
to pick the low-hanging fruit :-)


On Thu, Sep 26, 2013 at 7:51 PM, Rob Crittenden <rcrit...@redhat.com> wrote:

> Chandan Kumar wrote:
>> Hello,
>> I have basic configuration question, my apologies if it has already been
>> discussed.
>> I have ipa-server-3 server installed with default parameters with
>> replication.
>> We have Linux machines across different geo location and I would like to
>> integrate them into IPA server, however, I don't want external clients
>> to connect the server on standard port.
>> For example, during ipa-client registration it requires all IPA services
>> to be running on default port.
>> Such as : trying https://ipa01.my.net/ipa/xml
>> kdc = ipa01.my.net:88 <http://ipa01.my.net:88>
>> master_kdc = ipa01.my.net:88 <http://ipa01.my.net:88>
>> admin_server = ipa01.my.net:749 <http://ipa01.my.net:749>
>> Is there any way in ipa-client-install or sssd file to instruct IPA
>> client to connect to IPA server on no-standard ports such as
>> trying https://ipa01.my.net:8080/ipa/**xml<https://ipa01.my.net:8080/ipa/xml>
>> This way I don't have to allocate a separate IP or additional web server
>> to redirect the requests a simple NAT at firewall will do such as
>> external 8080 -> internal 443
> Currently there is no way to do this. I'd have sworn we had a ticket to
> add this but a quick search didn't turn it up. If you'd like this supported
> feel free to open a ticket at 
> https://fedorahosted.org/**freeipa/newticket<https://fedorahosted.org/freeipa/newticket>
> I don't think this would be tremendously difficult to do, the trick would
> be communicating the port to clients somehow while they are trying to
> enroll. A command-line option would probably be the shortest path.
> This may be decent low-hanging fruit if you're interested in being a
> contributor to IPA.
> rob
Freeipa-users mailing list

Reply via email to