Re: [Freeipa-devel] [PATCH] 0004 (2) Make proper LDAP configuration reporting for ipa-cli-install
On Fri, 2011-07-29 at 13:09 +0300, Alexander Bokovoy wrote: Hi, another attempt to refine error/configuration reporting when configuring means to access LDAP on a client. Previous one tried to use rpm to find out package name but this approach is avoiding package names. Instead, it tries to tell configuration file. Ticker https://fedorahosted.org/freeipa/ticket/1369 NACK. 1) Return info from LDAP config functions gets overwritten: if not options.sssd: (retcode, conf, filename) = configure_ldap_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server, dnsok, options) if retcode: return 1 (retcode, conf, filename) = configure_nslcd_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server, dnsok, options) if retcode: return 1 Only one function will do the real configuration, in my case it was the configure_ldap_conf (nslcd was not installed). Due to the overwrite, my ipa-client-install reported invalid information: # ipa-client-install --server=vm-059.idm.lab.bos.redhat.com --domain=idm.lab.bos.redhat.com --no-sssd ... LDAP enabled Kerberos 5 enabled NSLCD configured using configuration file /etc/nslcd.conf Unable to use DNS discovery! Recognized configuration: NSLCD Changing configuration of /etc/ldap.conf to use hardcoded server name: vm-059.idm.lab.bos.redhat.com NTP enabled Client configuration complete. We need to indicate in the return triple that the service was not configured so that we output correct information. 2) Returning tuple instead of triple (will raise exception when used): -return 1 +return (1, 'nslcd') Plus, NSLCD is referred in upper case in other return statements. Martin ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 0004 (2) Make proper LDAP configuration reporting for ipa-cli-install
On 29.07.2011 14:13, Martin Kosek wrote:
On Fri, 2011-07-29 at 13:09 +0300, Alexander Bokovoy wrote:
Hi,
another attempt to refine error/configuration reporting when configuring
means to access LDAP on a client. Previous one tried to use rpm to find
out package name but this approach is avoiding package names. Instead,
it tries to tell configuration file.
Ticker https://fedorahosted.org/freeipa/ticket/1369
NACK.
1) Return info from LDAP config functions gets overwritten:
if not options.sssd:
(retcode, conf, filename) = configure_ldap_conf(fstore, cli_basedn,
cli_realm, cli_domain, cli_server, dnsok, options)
if retcode:
return 1
(retcode, conf, filename) = configure_nslcd_conf(fstore, cli_basedn,
cli_realm, cli_domain, cli_server, dnsok, options)
if retcode:
return 1
Only one function will do the real configuration, in my case it was the
configure_ldap_conf (nslcd was not installed). Due to the overwrite, my
ipa-client-install reported invalid information:
Yes, fixed.
# ipa-client-install --server=vm-059.idm.lab.bos.redhat.com
--domain=idm.lab.bos.redhat.com --no-sssd
...
LDAP enabled
Kerberos 5 enabled
NSLCD configured using configuration file /etc/nslcd.conf
Unable to use DNS discovery! Recognized configuration: NSLCD
Changing configuration of /etc/ldap.conf to use hardcoded server name:
vm-059.idm.lab.bos.redhat.com
NTP enabled
Client configuration complete.
We need to indicate in the return triple that the service was not
configured so that we output correct information.
I did this now by returning None: return (0, None, None).
2) Returning tuple instead of triple (will raise exception when used):
-return 1
+return (1, 'nslcd')
Plus, NSLCD is referred in upper case in other return statements.
Fixed.
Version 3 attached.
--
/ Alexander Bokovoy
From c2ebbee6c1796874a44a735a843a9453ccaaf4bf Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy aboko...@redhat.com
Date: Fri, 29 Jul 2011 13:05:07 +0300
Subject: [PATCH] Make proper LDAP configuration reporting for
ipa-client-install
Ticket https://fedorahosted.org/freeipa/ticket/1369
---
ipa-client/ipa-install/ipa-client-install | 29 +
1 files changed, 17 insertions(+), 12 deletions(-)
diff --git a/ipa-client/ipa-install/ipa-client-install
b/ipa-client/ipa-install/ipa-client-install
index
2e1a28ca087dee9eea04ccc7a9e6e4f8ce89..5847fea1d3e26bdd0c6182ab0ecf3d19ab0f69bc
100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -336,6 +336,7 @@ def configure_ldap_conf(fstore, cli_basedn, cli_realm,
cli_domain, cli_server, d
opts.append({'name':'empty', 'type':'empty'})
+ret = (0, None, None)
# Depending on the release and distribution this may exist in any
# number of different file names, update what we find
for filename in ['/etc/ldap.conf', '/etc/nss_ldap.conf',
'/etc/libnss-ldap.conf', '/etc/pam_ldap.conf']:
@@ -343,11 +344,12 @@ def configure_ldap_conf(fstore, cli_basedn, cli_realm,
cli_domain, cli_server, d
try:
fstore.backup_file(filename)
ldapconf.newConf(filename, opts)
+return (0, 'LDAP', filename)
except Exception, e:
print Creation of %s: %s % (filename, str(e))
-return 1
+return (1, 'LDAP', filename)
-return 0
+return ret
def configure_nslcd_conf(fstore, cli_basedn, cli_realm, cli_domain,
cli_server, dnsok, options):
nslcdconf = ipaclient.ipachangeconf.IPAChangeConf(IPA Installer)
@@ -379,7 +381,7 @@ def configure_nslcd_conf(fstore, cli_basedn, cli_realm,
cli_domain, cli_server,
nslcdconf.newConf('/etc/nslcd.conf', opts)
except Exception, e:
print Creation of %s: %s % ('/etc/nslcd.conf', str(e))
-return 1
+return (1, None, None)
if ipautil.service_is_installed('nslcd'):
try:
@@ -394,8 +396,9 @@ def configure_nslcd_conf(fstore, cli_basedn, cli_realm,
cli_domain, cli_server,
logging.error(Failed to enable automatic startup of the NSLCD
daemon: %s % str(e))
else:
logging.debug(NSLCD daemon is not installed, skip configuration)
+return (0, None, None)
-return 0
+return (0, 'NSLCD', '/etc/nslcd.conf')
def hardcode_ldap_server(cli_server):
@@ -945,7 +948,8 @@ def main():
else:
# this is optional service, just log
-logging.info(NSCD daemon is not installed, skip configuration)
+if not options.sssd:
+logging.info(NSCD daemon is not installed, skip configuration)
# Modify nsswitch/pam stack
if options.sssd:
@@ -967,11 +971,12 @@ def main():
# Update non-SSSD LDAP configuration after authconfig calls as it would
# change its configuration otherways
if not
Re: [Freeipa-devel] [PATCH] 0004 (2) Make proper LDAP configuration reporting for ipa-cli-install
On Fri, 2011-07-29 at 15:59 +0300, Alexander Bokovoy wrote: On 29.07.2011 14:13, Martin Kosek wrote: On Fri, 2011-07-29 at 13:09 +0300, Alexander Bokovoy wrote: Hi, another attempt to refine error/configuration reporting when configuring means to access LDAP on a client. Previous one tried to use rpm to find out package name but this approach is avoiding package names. Instead, it tries to tell configuration file. Ticker https://fedorahosted.org/freeipa/ticket/1369 NACK. 1) Return info from LDAP config functions gets overwritten: if not options.sssd: (retcode, conf, filename) = configure_ldap_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server, dnsok, options) if retcode: return 1 (retcode, conf, filename) = configure_nslcd_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server, dnsok, options) if retcode: return 1 Only one function will do the real configuration, in my case it was the configure_ldap_conf (nslcd was not installed). Due to the overwrite, my ipa-client-install reported invalid information: Yes, fixed. # ipa-client-install --server=vm-059.idm.lab.bos.redhat.com --domain=idm.lab.bos.redhat.com --no-sssd ... LDAP enabled Kerberos 5 enabled NSLCD configured using configuration file /etc/nslcd.conf Unable to use DNS discovery! Recognized configuration: NSLCD Changing configuration of /etc/ldap.conf to use hardcoded server name: vm-059.idm.lab.bos.redhat.com NTP enabled Client configuration complete. We need to indicate in the return triple that the service was not configured so that we output correct information. I did this now by returning None: return (0, None, None). 2) Returning tuple instead of triple (will raise exception when used): -return 1 +return (1, 'nslcd') Plus, NSLCD is referred in upper case in other return statements. Fixed. Version 3 attached. Getting closer, but still not there (although I really like your for configurer in ... construct): # ipa-client-install --server=vm-059.idm.lab.bos.redhat.com --domain=idm.lab.bos.redhat.com --no-sssd ... LDAP enabled Kerberos 5 enabled LDAP configured using configuration file /etc/ldap.conf Unable to use DNS discovery! Recognized configuration: None Changing configuration of /etc/ldap.conf to use hardcoded server name: vm-059.idm.lab.bos.redhat.com NTP enabled Client configuration complete. Martin ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 0004 (2) Make proper LDAP configuration reporting for ipa-cli-install
Martin Kosek wrote: On Fri, 2011-07-29 at 15:59 +0300, Alexander Bokovoy wrote: On 29.07.2011 14:13, Martin Kosek wrote: On Fri, 2011-07-29 at 13:09 +0300, Alexander Bokovoy wrote: Hi, another attempt to refine error/configuration reporting when configuring means to access LDAP on a client. Previous one tried to use rpm to find out package name but this approach is avoiding package names. Instead, it tries to tell configuration file. Ticker https://fedorahosted.org/freeipa/ticket/1369 NACK. 1) Return info from LDAP config functions gets overwritten: if not options.sssd: (retcode, conf, filename) = configure_ldap_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server, dnsok, options) if retcode: return 1 (retcode, conf, filename) = configure_nslcd_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server, dnsok, options) if retcode: return 1 Only one function will do the real configuration, in my case it was the configure_ldap_conf (nslcd was not installed). Due to the overwrite, my ipa-client-install reported invalid information: Yes, fixed. # ipa-client-install --server=vm-059.idm.lab.bos.redhat.com --domain=idm.lab.bos.redhat.com --no-sssd ... LDAP enabled Kerberos 5 enabled NSLCD configured using configuration file /etc/nslcd.conf Unable to use DNS discovery! Recognized configuration: NSLCD Changing configuration of /etc/ldap.conf to use hardcoded server name: vm-059.idm.lab.bos.redhat.com NTP enabled Client configuration complete. We need to indicate in the return triple that the service was not configured so that we output correct information. I did this now by returning None: return (0, None, None). 2) Returning tuple instead of triple (will raise exception when used): -return 1 +return (1, 'nslcd') Plus, NSLCD is referred in upper case in other return statements. Fixed. Version 3 attached. Getting closer, but still not there (although I really like your for configurer in ... construct): # ipa-client-install --server=vm-059.idm.lab.bos.redhat.com --domain=idm.lab.bos.redhat.com --no-sssd ... LDAP enabled Kerberos 5 enabled LDAP configured using configuration file /etc/ldap.conf Unable to use DNS discovery! Recognized configuration: None Changing configuration of /etc/ldap.conf to use hardcoded server name: vm-059.idm.lab.bos.redhat.com NTP enabled Client configuration complete. Martin Backtrace on sssd-based install: # ipa-client-install --server=panther.greyoak.com --domain=greyoak.com --realm=GREYOAK.COM -p admin DNS domain 'greyoak.com' is not configured for automatic KDC address lookup. KDC address will be set to fixed value. Discovery was successful! Hostname: slinky.greyoak.com Realm: GREYOAK.COM DNS Domain: greyoak.com IPA Server: panther.greyoak.com BaseDN: dc=greyoak,dc=com Continue to configure the system with these values? [no]: y Password for ad...@greyoak.com: Enrolled in IPA realm GREYOAK.COM Created /etc/ipa/default.conf Configured /etc/sssd/sssd.conf Configured /etc/krb5.conf for IPA realm GREYOAK.COM SSSD enabled Kerberos 5 enabled Traceback (most recent call last): File /usr/sbin/ipa-client-install, line 1079, in module sys.exit(main()) File /usr/sbin/ipa-client-install, line 1054, in main print Unable to use DNS discovery! Recognized configuration: %s % (conf) UnboundLocalError: local variable 'conf' referenced before assignment ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 0004 (2) Make proper LDAP configuration reporting for ipa-cli-install
On 29.07.2011 18:09, Rob Crittenden wrote:
Backtrace on sssd-based install:
# ipa-client-install --server=panther.greyoak.com --domain=greyoak.com
--realm=GREYOAK.COM -p admin
DNS domain 'greyoak.com' is not configured for automatic KDC address
lookup.
KDC address will be set to fixed value.
Discovery was successful!
Hostname: slinky.greyoak.com
Realm: GREYOAK.COM
DNS Domain: greyoak.com
IPA Server: panther.greyoak.com
BaseDN: dc=greyoak,dc=com
Continue to configure the system with these values? [no]: y
Password for ad...@greyoak.com:
Enrolled in IPA realm GREYOAK.COM
Created /etc/ipa/default.conf
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm GREYOAK.COM
SSSD enabled
Kerberos 5 enabled
Traceback (most recent call last):
File /usr/sbin/ipa-client-install, line 1079, in module
sys.exit(main())
File /usr/sbin/ipa-client-install, line 1054, in main
print Unable to use DNS discovery! Recognized configuration: %s %
(conf)
UnboundLocalError: local variable 'conf' referenced before assignment
Yes. Fixed that.
What we also want to show is that after all effort to configure LDAP,
DNS, etc, we are unable to find user admin. I have changed the printed
statements to be clear. So in case we are unable to find admin, we'll print:
Unable to find 'admin' user with 'getent passwd admin'!
If we know what we were working with (SSSD, NSLCD, or LDAP), we'll also
print:
Recognized configuration: (one of SSSD, NSLCD, LDAP)
otherwise it will show following statement:
No recognized configuration, please check manually NSS setup
and will try to hardcode LDAP server in /etc/ldap.conf if that exists.
If the latter attempt succeeds, user will see:
Changed configuration of /etc/ldap.conf to use hardcoded server name:
(name of server)
I think it is at most what we can do without referencing hardcoded
config files directly (except for /etc/ldap.conf) in 2.1. Ideally, all
this code for configuring specific services should go into
platform-specific backend and be re-used from there but that is
something for 2.1.1 as it would need my cross-platform enablers which
are too big for 2.1.
--
/ Alexander Bokovoy
From 5d38060f05d4642761bb62db810d8e6b89a3f150 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy aboko...@redhat.com
Date: Fri, 29 Jul 2011 13:05:07 +0300
Subject: [PATCH] Make proper LDAP configuration reporting for
ipa-client-install
Ticket https://fedorahosted.org/freeipa/ticket/1369
---
ipa-client/ipa-install/ipa-client-install | 35 +++--
1 files changed, 23 insertions(+), 12 deletions(-)
diff --git a/ipa-client/ipa-install/ipa-client-install
b/ipa-client/ipa-install/ipa-client-install
index
c5f66be85361ecb3ab8b0c41908d378702df068d..4a61c1bb08057428153374c046f0223a12aefaf6
100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -345,6 +345,7 @@ def configure_ldap_conf(fstore, cli_basedn, cli_realm,
cli_domain, cli_server, d
opts.append({'name':'empty', 'type':'empty'})
+ret = (0, None, None)
# Depending on the release and distribution this may exist in any
# number of different file names, update what we find
for filename in ['/etc/ldap.conf', '/etc/nss_ldap.conf',
'/etc/libnss-ldap.conf', '/etc/pam_ldap.conf']:
@@ -352,11 +353,12 @@ def configure_ldap_conf(fstore, cli_basedn, cli_realm,
cli_domain, cli_server, d
try:
fstore.backup_file(filename)
ldapconf.newConf(filename, opts)
+return (0, 'LDAP', filename)
except Exception, e:
print Creation of %s: %s % (filename, str(e))
-return 1
+return (1, 'LDAP', filename)
-return 0
+return ret
def configure_nslcd_conf(fstore, cli_basedn, cli_realm, cli_domain,
cli_server, dnsok, options):
nslcdconf = ipaclient.ipachangeconf.IPAChangeConf(IPA Installer)
@@ -388,7 +390,7 @@ def configure_nslcd_conf(fstore, cli_basedn, cli_realm,
cli_domain, cli_server,
nslcdconf.newConf('/etc/nslcd.conf', opts)
except Exception, e:
print Creation of %s: %s % ('/etc/nslcd.conf', str(e))
-return 1
+return (1, None, None)
if ipautil.service_is_installed('nslcd'):
try:
@@ -403,8 +405,9 @@ def configure_nslcd_conf(fstore, cli_basedn, cli_realm,
cli_domain, cli_server,
logging.error(Failed to enable automatic startup of the NSLCD
daemon: %s % str(e))
else:
logging.debug(NSLCD daemon is not installed, skip configuration)
+return (0, None, None)
-return 0
+return (0, 'NSLCD', '/etc/nslcd.conf')
def hardcode_ldap_server(cli_server):
@@ -422,6 +425,7 @@ def hardcode_ldap_server(cli_server):
# Errors raised by this
Re: [Freeipa-devel] [PATCH] 0004 (2) Make proper LDAP configuration reporting for ipa-cli-install
On 07/29/2011 11:35 AM, Alexander Bokovoy wrote: No recognized configuration, please check manually NSS setup May be reword: Unknown configuration, please check NSS setup manually But some time ago, somewhere, some person from doc told me not to use please in any error massages, man pages or help. I do not know whether this is relevant or not but should we avoid using please? So how about: Unknown configuration, check NSS setup manually or Detected unknown configuration, check NSS setup manually -- Thank you, Dmitri Pal Sr. Engineering Manager IPA project, Red Hat Inc. --- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 0004 (2) Make proper LDAP configuration reporting for ipa-cli-install
On 29.07.2011 18:45, Dmitri Pal wrote:
On 07/29/2011 11:35 AM, Alexander Bokovoy wrote:
No recognized configuration, please check manually NSS setup
May be reword:
Unknown configuration, please check NSS setup manually
But some time ago, somewhere, some person from doc told me not to use
please in any error massages, man pages or help.
I do not know whether this is relevant or not but should we avoid using
please?
So how about:
Unknown configuration, check NSS setup manually
Thought about it and I think this would be better:
Unable to reliably detect configuration. Check NSS setup manually.
or
Detected unknown configuration, check NSS setup manually
I decided to remove all 'please' (there are plenty!). Hopefully, this
will not make installing IPA on a client less pleasing process.
--
/ Alexander Bokovoy
From a3554af3c7186a248222398b3ca4411fa6bb6a85 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy aboko...@redhat.com
Date: Fri, 29 Jul 2011 13:05:07 +0300
Subject: [PATCH] Make proper LDAP configuration reporting for
ipa-client-install
Ticket https://fedorahosted.org/freeipa/ticket/1369
---
ipa-client/ipa-install/ipa-client-install | 47 ++---
1 files changed, 29 insertions(+), 18 deletions(-)
diff --git a/ipa-client/ipa-install/ipa-client-install
b/ipa-client/ipa-install/ipa-client-install
index
c5f66be85361ecb3ab8b0c41908d378702df068d..e3b9dfbab5975aade08ee36e98fc9a048df76784
100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -147,7 +147,7 @@ def uninstall(options, env):
server_fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore')
if server_fstore.has_files() and not options.on_master:
print IPA client is configured as a part of IPA server on this
system.
-print Please refer to ipa-server-install for uninstallation.
+print Refer to ipa-server-install for uninstallation.
return 2
sssdconfig = SSSDConfig.SSSDConfig()
@@ -345,6 +345,7 @@ def configure_ldap_conf(fstore, cli_basedn, cli_realm,
cli_domain, cli_server, d
opts.append({'name':'empty', 'type':'empty'})
+ret = (0, None, None)
# Depending on the release and distribution this may exist in any
# number of different file names, update what we find
for filename in ['/etc/ldap.conf', '/etc/nss_ldap.conf',
'/etc/libnss-ldap.conf', '/etc/pam_ldap.conf']:
@@ -352,11 +353,12 @@ def configure_ldap_conf(fstore, cli_basedn, cli_realm,
cli_domain, cli_server, d
try:
fstore.backup_file(filename)
ldapconf.newConf(filename, opts)
+return (0, 'LDAP', filename)
except Exception, e:
print Creation of %s: %s % (filename, str(e))
-return 1
+return (1, 'LDAP', filename)
-return 0
+return ret
def configure_nslcd_conf(fstore, cli_basedn, cli_realm, cli_domain,
cli_server, dnsok, options):
nslcdconf = ipaclient.ipachangeconf.IPAChangeConf(IPA Installer)
@@ -388,7 +390,7 @@ def configure_nslcd_conf(fstore, cli_basedn, cli_realm,
cli_domain, cli_server,
nslcdconf.newConf('/etc/nslcd.conf', opts)
except Exception, e:
print Creation of %s: %s % ('/etc/nslcd.conf', str(e))
-return 1
+return (1, None, None)
if ipautil.service_is_installed('nslcd'):
try:
@@ -403,8 +405,9 @@ def configure_nslcd_conf(fstore, cli_basedn, cli_realm,
cli_domain, cli_server,
logging.error(Failed to enable automatic startup of the NSLCD
daemon: %s % str(e))
else:
logging.debug(NSLCD daemon is not installed, skip configuration)
+return (0, None, None)
-return 0
+return (0, 'NSLCD', '/etc/nslcd.conf')
def hardcode_ldap_server(cli_server):
@@ -422,6 +425,7 @@ def hardcode_ldap_server(cli_server):
# Errors raised by this should be caught by the caller
ldapconf.changeConf(/etc/ldap.conf, opts)
+print Changed configuration of /etc/ldap.conf to use hardcoded server
name: +cli_server
return
@@ -737,7 +741,7 @@ def main():
if fstore.has_files():
sys.exit(IPA client is already configured on this system.\n
-+ If you want to reinstall the IPA client please uninstall it
first.)
++ If you want to reinstall the IPA client, uninstall it
first.)
cli_domain = None
cli_server = None
@@ -766,7 +770,7 @@ def main():
if ret == ipadiscovery.BAD_HOST_CONFIG:
print sys.stderr, Can't get the fully qualified name of this host
-print sys.stderr, Please check that the client is properly
configured
+print sys.stderr, Check that the client is properly configured
return ret
if ret == ipadiscovery.NOT_FQDN:
print sys.stderr, %s is not a fully-qualified hostname %
Re: [Freeipa-devel] [PATCH] 0004 (2) Make proper LDAP configuration reporting for ipa-cli-install
Alexander Bokovoy wrote: On 29.07.2011 18:45, Dmitri Pal wrote: On 07/29/2011 11:35 AM, Alexander Bokovoy wrote: No recognized configuration, please check manually NSS setup May be reword: Unknown configuration, please check NSS setup manually But some time ago, somewhere, some person from doc told me not to use please in any error massages, man pages or help. I do not know whether this is relevant or not but should we avoid using please? So how about: Unknown configuration, check NSS setup manually Thought about it and I think this would be better: Unable to reliably detect configuration. Check NSS setup manually. or Detected unknown configuration, check NSS setup manually I decided to remove all 'please' (there are plenty!). Hopefully, this will not make installing IPA on a client less pleasing process. ack, pushed to master rob ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
