[Freeipa-devel] [PATCH] 0004 (2) Make proper LDAP configuration reporting for ipa-cli-install

Alexander Bokovoy abokovoy at redhat.com
Fri Jul 29 15:35:58 UTC 2011


On 29.07.2011 18:09, Rob Crittenden wrote:
> Backtrace on sssd-based install:
> 
> # ipa-client-install --server=panther.greyoak.com --domain=greyoak.com
> --realm=GREYOAK.COM -p admin
> DNS domain 'greyoak.com' is not configured for automatic KDC address
> lookup.
> KDC address will be set to fixed value.
> 
> Discovery was successful!
> Hostname: slinky.greyoak.com
> Realm: GREYOAK.COM
> DNS Domain: greyoak.com
> IPA Server: panther.greyoak.com
> BaseDN: dc=greyoak,dc=com
> 
> 
> Continue to configure the system with these values? [no]: y
> Password for admin at GREYOAK.COM:
> 
> Enrolled in IPA realm GREYOAK.COM
> Created /etc/ipa/default.conf
> Configured /etc/sssd/sssd.conf
> Configured /etc/krb5.conf for IPA realm GREYOAK.COM
> SSSD enabled
> Kerberos 5 enabled
> Traceback (most recent call last):
>   File "/usr/sbin/ipa-client-install", line 1079, in <module>
>     sys.exit(main())
>   File "/usr/sbin/ipa-client-install", line 1054, in main
>     print "Unable to use DNS discovery! Recognized configuration: %s" %
> (conf)
> UnboundLocalError: local variable 'conf' referenced before assignment
Yes. Fixed that.

What we also want to show is that after all the effort to configure LDAP,
DNS, etc., we are unable to find the user admin. I have changed the printed
statements to be clear. So in case we are unable to find admin, we'll print:

----------------
Unable to find 'admin' user with 'getent passwd admin'!
----------------

If we know what we were working with (SSSD, NSLCD, or LDAP), we'll also
print:

----------------
Recognized configuration: (one of SSSD, NSLCD, LDAP)
----------------

otherwise it will show the following statement:

----------------
No recognized configuration, please check manually NSS setup
----------------

and will try to hardcode the LDAP server in /etc/ldap.conf if that exists.
If the latter attempt succeeds, the user will see:

----------------
Changed configuration of /etc/ldap.conf to use hardcoded server name:
(name of server)
----------------


I think that is the most we can do without referencing hardcoded
config files directly (except for /etc/ldap.conf) in 2.1. Ideally, all
this code for configuring specific services should go into a
platform-specific backend and be re-used from there, but that is
something for 2.1.1 as it would need my cross-platform enablers, which
are too big for 2.1.
-- 
/ Alexander Bokovoy
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: freeipa-abbra-0004-4-ticket-1369.patch
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20110729/9c8e9410/attachment.ksh>
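Added example, not part of the original message and not code from the FreeIPA patch: a constructed sketch of how a `conf` variable bound on only some branches produces the UnboundLocalError in the quoted traceback, next to a version that binds it on every path and emits the messages described in the reply. The function names, flags and the `hardcode_succeeded` parameter are hypothetical.

```python
# Hypothetical illustration; this is not the ipa-client-install source.

def report_buggy(use_sssd, use_nslcd, admin_found):
    """Constructed 'before': conf is bound only on some code paths."""
    if use_nslcd:
        conf = "NSLCD"
    elif not use_sssd:
        conf = "LDAP"
    # The SSSD path falls through without ever binding conf.
    if not admin_found:
        # Raises UnboundLocalError when use_sssd is True.
        return "Recognized configuration: %s" % conf
    return ""


def report_fixed(use_sssd, use_nslcd, use_ldap, admin_found,
                 hardcode_succeeded=False, server=None):
    """Return the status lines described in the reply; conf is always bound."""
    conf = None  # bound before any branch, so every later read is safe
    if use_sssd:
        conf = "SSSD"
    elif use_nslcd:
        conf = "NSLCD"
    elif use_ldap:
        conf = "LDAP"

    lines = []
    if admin_found:
        return lines  # the lookup worked, nothing to report

    lines.append("Unable to find 'admin' user with 'getent passwd admin'!")
    if conf is not None:
        lines.append("Recognized configuration: %s" % conf)
    else:
        lines.append("No recognized configuration, "
                     "please check manually NSS setup")
        # hardcode_succeeded models the outcome of the /etc/ldap.conf fallback.
        if hardcode_succeeded and server:
            lines.append("Changed configuration of /etc/ldap.conf to use "
                         "hardcoded server name: %s" % server)
    return lines
```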

