Re: [Freeipa-devel] [PATCH] 753 honor domain and server flags in client install
On 03/15/2011 12:36 PM, Adam Young wrote:
> On 03/15/2011 11:59 AM, John Dennis wrote:
>> On 03/15/2011 11:03 AM, Adam Young wrote:
>>> On 03/15/2011 09:22 AM, Rob Crittenden wrote:
>>>> We now use TLS for the LDAP connection so need to fetch the IPA CA remotely very early in the process. Because we weren't honoring the server flags when doing DNS discovery we didn't know where to fetch the CA from.
>>>>
>>>> ticket 1090
>>>>
>>>> rob
>>>
>>> Patched code can be simplified like this.
>>
>> ACK
>
> ACK #2

Pushed to master

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH] 753 honor domain and server flags in client install
On 03/15/2011 11:59 AM, John Dennis wrote:
> On 03/15/2011 11:03 AM, Adam Young wrote:
>> On 03/15/2011 09:22 AM, Rob Crittenden wrote:
>>> We now use TLS for the LDAP connection so need to fetch the IPA CA remotely very early in the process. Because we weren't honoring the server flags when doing DNS discovery we didn't know where to fetch the CA from.
>>>
>>> ticket 1090
>>>
>>> rob
>>
>> Patched code can be simplified like this.
>
> ACK

ACK #2
Re: [Freeipa-devel] [PATCH] 753 honor domain and server flags in client install
On 03/15/2011 11:03 AM, Adam Young wrote:
> On 03/15/2011 09:22 AM, Rob Crittenden wrote:
>> We now use TLS for the LDAP connection so need to fetch the IPA CA remotely very early in the process. Because we weren't honoring the server flags when doing DNS discovery we didn't know where to fetch the CA from.
>>
>> ticket 1090
>>
>> rob
>
> Patched code can be simplified like this.

ACK

--
John Dennis
Re: [Freeipa-devel] [PATCH] 753 honor domain and server flags in client install
On 03/15/2011 09:22 AM, Rob Crittenden wrote:
> We now use TLS for the LDAP connection so need to fetch the IPA CA remotely very early in the process. Because we weren't honoring the server flags when doing DNS discovery we didn't know where to fetch the CA from.
>
> ticket 1090
>
> rob

Patched code can be simplified like this.

From a36bc4ee93d13c28f8edf2bb94eb4dbfc25be568 Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Tue, 15 Mar 2011 09:12:35 -0400 Subject: [PATCH] Always consider domain and server when doing DNS discovery in client. When not on master we weren't passing in the user-supplied domain and server. Because of changes made that require TLS on the LDAP calls we always need the server name early in the process to retrieve the IPA CA certificate. ticket 1090 --- ipa-client/ipa-install/ipa-client-install | 12 1 files changed, 4 insertions(+), 8 deletions(-) diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install index 720e8135326c12aedebf11d958370e5f5d839be2..4ff4c458eb127efab967ee36e0463717a2848e61 100755 --- a/ipa-client/ipa-install/ipa-client-install +++ b/ipa-client/ipa-install/ipa-client-install @@ -684,10 +684,8 @@ def main(): # Create the discovery instance ds = ipaclient.ipadiscovery.IPADiscovery() -if options.on_master: -ret = ds.search(domain=options.domain, server=options.server) -else: -ret = ds.search() +ret = ds.search(domain=options.domain, server=options.server) + if ret == -10: print >>sys.stderr, "Can't get the fully qualified name of this host" print >>sys.stderr, "Please check that the client is properly configured"
@@ -703,10 +701,8 @@ def main(): print "DNS discovery failed to determine your DNS domain" cli_domain = user_input("Please provide the domain name of your IPA server (ex: example.com)", allow_empty = False) logging.debug("will use domain: %s\n", cli_domain) -if options.on_master: -ret = ds.search(domain=cli_domain, server=options.server) -else: -ret = ds.search(domain=cli_domain) +ret = ds.search(domain=cli_domain, server=options.server) + if not cli_domain: if ds.getDomainName(): cli_domain = ds.getDomainName() -- 1.7.4 ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
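Review bot: In the first hunk (@@ -684,10 +684,8 @@) the non-master path used to call ds.search() with no arguments and now always passes options.domain and options.server, so when neither flag is given the call depends on the option defaults meaning the same thing to search() as omitting the arguments did. Please confirm that, and add a short comment above the call saying why the server is needed this early (the commit message says it is where the IPA CA certificate is retrieved from), since options.on_master no longer appears at this point and the reason is not visible in the code.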
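Review bot: In the second hunk (@@ -703,10 +701,8 @@) the retry pairs the domain the user just typed at the prompt with options.server, but only the domain is written to the log (logging.debug("will use domain: %s\n", cli_domain)). Consider logging the server passed to ds.search(domain=cli_domain, server=options.server) as well, so that a server flag that does not belong to the entered domain is visible in the install log when discovery or the later CA fetch fails.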
[Freeipa-devel] [PATCH] 753 honor domain and server flags in client install
We now use TLS for the LDAP connection so need to fetch the IPA CA remotely very early in the process. Because we weren't honoring the server flags when doing DNS discovery we didn't know where to fetch the CA from.

ticket 1090

rob

freeipa-rcrit-753-client.patch
Description: application/mbox