Re: [Freeipa-devel] [PATCH] 753 honor domain and server flags in client install

2011-03-15 Thread Adam Young

On 03/15/2011 12:36 PM, Adam Young wrote:

On 03/15/2011 11:59 AM, John Dennis wrote:

On 03/15/2011 11:03 AM, Adam Young wrote:

On 03/15/2011 09:22 AM, Rob Crittenden wrote:

We now use TLS for the LDAP connection so need to fetch the IPA CA
remotely very early in the process. Because we weren't honoring the
server flags when doing DNS discovery we didn't know where to fetch
the CA from.

ticket 1090

rob


___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Patched code can be simplified like this.





ACK


ACK #2


Pushed to master



Re: [Freeipa-devel] [PATCH] 753 honor domain and server flags in client install

2011-03-15 Thread Adam Young

On 03/15/2011 11:59 AM, John Dennis wrote:

On 03/15/2011 11:03 AM, Adam Young wrote:

On 03/15/2011 09:22 AM, Rob Crittenden wrote:

We now use TLS for the LDAP connection so need to fetch the IPA CA
remotely very early in the process. Because we weren't honoring the
server flags when doing DNS discovery we didn't know where to fetch
the CA from.

ticket 1090

rob



Patched code can be simplified like this.





ACK


ACK #2



Re: [Freeipa-devel] [PATCH] 753 honor domain and server flags in client install

2011-03-15 Thread John Dennis

On 03/15/2011 11:03 AM, Adam Young wrote:

On 03/15/2011 09:22 AM, Rob Crittenden wrote:

We now use TLS for the LDAP connection so need to fetch the IPA CA
remotely very early in the process. Because we weren't honoring the
server flags when doing DNS discovery we didn't know where to fetch
the CA from.

ticket 1090

rob



Patched code can be simplified like this.





ACK

--
John Dennis 




Re: [Freeipa-devel] [PATCH] 753 honor domain and server flags in client install

2011-03-15 Thread Adam Young

On 03/15/2011 09:22 AM, Rob Crittenden wrote:
We now use TLS for the LDAP connection so need to fetch the IPA CA 
remotely very early in the process. Because we weren't honoring the 
server flags when doing DNS discovery we didn't know where to fetch 
the CA from.


ticket 1090

rob



Patched code can be simplified like this.
From a36bc4ee93d13c28f8edf2bb94eb4dbfc25be568 Mon Sep 17 00:00:00 2001
From: Rob Crittenden 
Date: Tue, 15 Mar 2011 09:12:35 -0400
Subject: [PATCH] Always consider domain and server when doing DNS discovery in client.

When not on master we weren't passing in the user-supplied domain and
server. Because of changes made that require TLS on the LDAP calls
we always need the server name early in the process to retrieve the IPA
CA certificate.

ticket 1090
---
 ipa-client/ipa-install/ipa-client-install |   12 
 1 files changed, 4 insertions(+), 8 deletions(-)

diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index 720e8135326c12aedebf11d958370e5f5d839be2..4ff4c458eb127efab967ee36e0463717a2848e61 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -684,10 +684,8 @@ def main():
 # Create the discovery instance
 ds = ipaclient.ipadiscovery.IPADiscovery()
 
-if options.on_master:
-ret = ds.search(domain=options.domain, server=options.server)
-else:
-ret = ds.search()
+ret = ds.search(domain=options.domain, server=options.server)
+
 if ret == -10:
 print >>sys.stderr, "Can't get the fully qualified name of this host"
 print >>sys.stderr, "Please check that the client is properly configured"
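
Review bot: With the `else: ret = ds.search()` branch removed, the first `ds.search(domain=options.domain, server=options.server)` call now passes both options even when the user gave neither flag, so it relies on `search()` treating unset values exactly like omitted arguments. Please confirm that in `IPADiscovery.search` and state it in a short comment above the call, so the plain DNS discovery path for clients that pass no flags is visibly preserved.
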
@@ -703,10 +701,8 @@ def main():
 print "DNS discovery failed to determine your DNS domain"
 cli_domain = user_input("Please provide the domain name of your IPA server (ex: example.com)", allow_empty = False)
 logging.debug("will use domain: %s\n", cli_domain)
-if options.on_master:
-ret = ds.search(domain=cli_domain, server=options.server)
-else:
-ret = ds.search(domain=cli_domain)
+ret = ds.search(domain=cli_domain, server=options.server)
+
 if not cli_domain:
 if ds.getDomainName():
 cli_domain = ds.getDomainName()
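
Review bot: The `logging.debug("will use domain: %s\n", cli_domain)` line just above the second `ds.search(domain=cli_domain, server=options.server)` still records only the domain, although this search now also honors `options.server` on non-master installs. Logging the server next to the domain would let someone reading the install log see which host the discovery, and so the CA retrieval mentioned in the commit message, was directed at.
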
-- 
1.7.4


[Freeipa-devel] [PATCH] 753 honor domain and server flags in client install

2011-03-15 Thread Rob Crittenden
We now use TLS for the LDAP connection so need to fetch the IPA CA 
remotely very early in the process. Because we weren't honoring the 
server flags when doing DNS discovery we didn't know where to fetch the 
CA from.


ticket 1090

rob


freeipa-rcrit-753-client.patch
Description: application/mbox