[Freeipa-devel] [PATCH] 0033 Check all LDAP servers during IPA discovery

Rob Crittenden rcritten at redhat.com
Fri Dec 9 22:28:32 UTC 2011


Alexander Bokovoy wrote:
> On Fri, 09 Dec 2011, Rob Crittenden wrote:
>> Alexander Bokovoy wrote:
>>> On Fri, 02 Dec 2011, Rob Crittenden wrote:
>>>> Alexander Bokovoy wrote:
>>>>> Hi,
>>>>>
>>>>> This is a patch proposal; I haven't checked it with a multiple-server
>>>>> setup yet.
>>>>>
>>>>> When discovering IPA LDAP servers through DNS records, look through all
>>>>> servers found until first success. A master might not be available or
>>>>> denied access due to anonymous binds being disabled, for example, but
>>>>> a replica may succeed.
>>>>>
>>>>> Ticket #1827
>>>>> https://fedorahosted.org/freeipa/ticket/1827
>>>>
>>>> Needs a rebase.
>>>>
>>>> This works fine but I wonder if someone specifies --server on the
>>>> command-line if we should try only that server and fail if we can't
>>>> connect. I can see someone using that so they can specify which
>>>> server the client uses.
>>> Rebase attached.
>>>
>>> If --server is specified, DNS discovery is bypassed in search() and
>>> self.server will have the value of --server. That means the code I
>>> changed will still work as parse_items() accepts a single item as
>>> well.
>>
>> I don't see the --server code included in the patch.
> Because it is not needed.
>
> The search() method gets the value of the --server option passed as the
> server named argument. If it is not None, the whole discovery is avoided
> and that value is assigned to self.server.
>
> self.server is then parsed via parse_items() and iterated over -- with
> a single iteration in the case --server is specified.
>

Ah, right you are. Works great, pushed to master.

rob
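
The control flow discussed in this thread, as an added example that is not part of the original message and is not FreeIPA's code: candidates are tried until the first success, and an explicit --server value skips DNS and yields a single iteration, so an unreachable pinned server fails instead of falling back. The function bodies, the comma-separated server string, `ProbeError`, the injected `probe`/`dns_lookup` callables and the host names are all assumptions made for illustration.

```python
# Added illustration; everything here is hypothetical, not FreeIPA's implementation.
class ProbeError(Exception):
    """Raised by a probe when a server is unreachable or denies the bind."""


def parse_items(value):
    """Split a comma-separated server string (assumed format); one name gives one item."""
    return [item.strip() for item in value.split(",") if item.strip()]


def search(server=None, dns_lookup=None):
    """Return the server string to check; an explicit server bypasses DNS discovery."""
    if server is not None:
        return server
    return ",".join(dns_lookup())


def discover(probe, server=None, dns_lookup=None):
    """Try each candidate in order; return (first working server, failures seen)."""
    failures = []
    for candidate in parse_items(search(server, dns_lookup)):
        try:
            probe(candidate)
        except ProbeError as exc:
            # Record why this candidate was rejected, then try the next one.
            failures.append((candidate, str(exc)))
            continue
        return candidate, failures
    return None, failures


# Constructed sample data: the master denies anonymous binds, the replica answers.
def sample_dns():
    return ["master.example.test", "replica.example.test"]


def sample_probe(host):
    if host == "master.example.test":
        raise ProbeError("anonymous bind denied")


if __name__ == "__main__":
    # DNS discovery: falls through to the replica.
    print(discover(sample_probe, dns_lookup=sample_dns))
    # Explicit server: one iteration, no fallback to DNS-discovered hosts.
    print(discover(sample_probe, server="master.example.test", dns_lookup=sample_dns))
```

Keeping the list of failures lets the caller report why each candidate was rejected rather than only the last error.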