[Freeipa-devel] [PATCH 0391] replicainstall: Add check for domain if server is specified
Tomas Babej
tbabej at redhat.com
Mon Dec 7 13:17:40 UTC 2015
On 12/04/2015 08:22 PM, Rob Crittenden wrote:
> Martin Kosek wrote:
>> On 12/04/2015 07:17 PM, Tomas Babej wrote:
>>> Hi,
>>>
>>> Avoids failing in the later stages during the ipa-client-install
>>> command.
>>>
>>> Tomas
>>
>> Is this change needed? Wouldn't it be better to update
>> ipa-client-install or ipa-replica-install to not require the --domain
>> option? I would hope that --domain can be figured out during
>> installation and not passed to ipa-replica-install manually by the admin.
>>
>> I just think that calling
>> # ipa-replica-install --server=master.example.com
>> is better than
>> # ipa-replica-install --server=master.example.com --domain example.com
>> if possible.
>
> IIRC this is for service discovery when using a specific server and not
> LDAP. This is the domain used to search for the kerberos realm, for
> example.
>
> That isn't to say this isn't discoverable but it would require another
> function in discovery to query what the IPA domain is from the given
> master but it gets tricky if anonymous search is disabled, for example.
>
> rob
>
Needed or not, this is the behaviour that ipa-client-install has now.
Adding a domain detection method would be a RFE for ipa-client-install
(and imho not something we should be adding at this point).
This patch only focuses on making the ipa-replica-install work more
smoothly.
Tomas
More information about the Freeipa-devel
mailing list