[Freeipa-devel] [PATCH] 273 join a host to an IPA domain

Pavel Zuna pzuna at redhat.com
Tue Sep 15 12:41:27 UTC 2009


Pavel Zuna wrote:
> Rob Crittenden wrote:
>> NOTE, this patch replaces a previous patch to do the same thing. I 
>> fixed a few problems Simo pointed out and re-based it against the 
>> current master.
>>
>> This largish patch adds host enrollment. There are several scenarios 
>> that are covered. All of these assume that the IPA client machine has 
>> already been set up (ipa-client-install):
>>
>> 1. Full admin enrollment. This will create the host entry, a host/ 
>> service principal and a keytab for that principal in /etc/krb5.keytab.
>>
>> 2. Junior admin enrollment. There are lots of levels of delegation 
>> possible here, but at a minimum they would be able to enroll an 
>> existing host by creating the service principal and keytab. Additional 
>> rights such as adding a host could be added as well.
>>
>> 3. Bulk enrollment. If a host entry is pre-created by another admin 
>> and it contains an enrollment password (in the userPassword attribute) 
>> then an LDAP-based enrollment can take place. The client binds as the 
>> host and generates a keytab for itself.
>>
>> One really significant change is I've switched to openldap as the LDAP 
>> client. Doing SSL with mozldap would have required a significant 
>> amount more code (because we can't assume there is already an NSS 
>> db lying around that trusts the IPA CA).
>>
>> I didn't completely disable the mozldap option but by default things 
>> will build with openldap now.
>>
>> This also adds a first pass at Get Effective Rights support. This is 
>> so we can know in advance if an operation would succeed and makes 
>> things generally nicer.
>>
>> rob
> Looking good!
> 
> I noticed it makes changes to the host plugin and since this is probably 
> going to get into the tree first: here's an updated version of my host 
> plugin patch.
> 
> Pavel
Oops! Bad patch.

Pavel

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Make-the-host-plugin-use-baseldap-classes.patch
Type: application/mbox
Size: 14026 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20090915/36627f10/attachment.mbox>

