Ticket created : Ticket #3955
--
http://about.me/chandank

On Fri, Sep 27, 2013 at 12:40 AM, Petr Spacek <[email protected]> wrote:

> On 27.9.2013 07:23, Chandan Kumar wrote:
>
>> Hi Rob,
>>
>> Thanks for the info. Sure I will create the ticket and will certainly try
>> to pick the low-hanging fruit :-)
>>
>> --
>> http://about.me/chandank
>>
>> On Thu, Sep 26, 2013 at 7:51 PM, Rob Crittenden <[email protected]> wrote:
>>
>>> Chandan Kumar wrote:
>>>
>>>> Hello,
>>>>
>>>> I have a basic configuration question, my apologies if it has already been
>>>> discussed.
>>>>
>>>> I have ipa-server-3 server installed with default parameters with
>>>> replication.
>>>>
>>>> We have Linux machines across different geo locations and I would like to
>>>> integrate them into IPA server, however, I don't want external clients
>>>> to connect to the server on standard ports.
>>>>
>>>> For example, during ipa-client registration it requires all IPA services
>>>> to be running on default ports.
>>>>
>>>> Such as: trying https://ipa01.my.net/ipa/xml
>>>>
>>>> kdc = ipa01.my.net:88
>>>> master_kdc = ipa01.my.net:88
>>>> admin_server = ipa01.my.net:749
>>>>
>>>> Is there any way in ipa-client-install or sssd file to instruct IPA
>>>> client to connect to IPA server on non-standard ports such as
>>>>
>>>> trying https://ipa01.my.net:8080/ipa/xml
>>>>
>>>> This way I don't have to allocate a separate IP or additional web server
>>>> to redirect the requests, a simple NAT at firewall will do such as
>>>> external 8080 -> internal 443
>>>
>>> Currently there is no way to do this. I'd have sworn we had a ticket to
>>> add this but a quick search didn't turn it up. If you'd like this
>>> supported feel free to open a ticket at
>>> https://fedorahosted.org/freeipa/newticket
>>>
>>> I don't think this would be tremendously difficult to do, the trick would
>>> be communicating the port to clients somehow while they are trying to
>>> enroll. A command-line option would probably be the shortest path.
>>>
>>> This may be decent low-hanging fruit if you're interested in being a
>>> contributor to IPA.
>
> Speaking specifically about Kerberos, LDAP and NTP - it should be possible
> to change port number in SRV records in DNS and that is it. I'm not sure if
> client libraries really support this, but you can try it.
>
> HTTP and HTTPS will be more problematic because there are no SRV
> records for them.
>
> --
> Petr^2 Spacek
_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
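
The SRV-record approach mentioned in the thread relies on the port field each record carries (RFC 2782). The following is an added example, not code from the thread or from FreeIPA: it parses SRV lines, reports which services advertise a non-default port, and lists the protocol/port pairs a firewall or NAT rule would have to pass. The host ipa02.my.net and the ports 8088 and 8389 are constructed values; the HTTPS enrollment URL is not covered because, as the thread notes, it has no SRV record.

```python
# Constructed sample zone data (RFC 2782 layout:
# owner TTL class SRV priority weight port target).
# ipa01.my.net is the host from the thread; ipa02 and ports 8088/8389 are made up.
SAMPLE_ZONE = """\
_kerberos._udp.my.net.        86400 IN SRV 0  100 8088 ipa01.my.net.
_kerberos._tcp.my.net.        86400 IN SRV 0  100 8088 ipa01.my.net.
_kerberos-master._tcp.my.net. 86400 IN SRV 0  100 8088 ipa01.my.net.
_ldap._tcp.my.net.            86400 IN SRV 0  100 389  ipa01.my.net.
_ldap._tcp.my.net.            86400 IN SRV 10 100 8389 ipa02.my.net.
_ntp._udp.my.net.             86400 IN SRV 0  100 123  ipa01.my.net.
"""

# Well-known default ports for the services named in the thread.
DEFAULT_PORTS = {"_kerberos": 88, "_kerberos-master": 88, "_ldap": 389, "_ntp": 123}


def parse_srv(zone_text):
    """Parse SRV lines into dicts, ordered by service, protocol, then priority."""
    records = []
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()  # drop zone-file comments
        if len(fields) != 8 or fields[3].upper() != "SRV":
            continue  # not a fully written SRV record
        owner, _ttl, _cls, _type, prio, weight, port, target = fields
        service, proto = owner.split(".")[:2]
        port = int(port)
        if not 0 < port <= 65535:
            raise ValueError(f"invalid port in record: {raw!r}")
        records.append({"service": service, "proto": proto.lstrip("_"),
                        "priority": int(prio), "weight": int(weight),
                        "port": port, "target": target.rstrip(".")})
    return sorted(records, key=lambda r: (r["service"], r["proto"], r["priority"]))


def nonstandard(records):
    """Records whose advertised port differs from the service default."""
    return [r for r in records
            if DEFAULT_PORTS.get(r["service"]) not in (None, r["port"])]


def firewall_checklist(records):
    """Unique (protocol, port) pairs the firewall/NAT must pass for these records."""
    return sorted({(r["proto"], r["port"]) for r in records})


if __name__ == "__main__":
    recs = parse_srv(SAMPLE_ZONE)
    for r in nonstandard(recs):
        print(f'{r["service"]}/{r["proto"]} -> {r["target"]}:{r["port"]}')
    print(firewall_checklist(recs))
```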
