[Freeipa-devel] more work on the setup scripts

Rob Crittenden rcritten at redhat.com
Sat Jul 14 02:26:07 UTC 2007


Simo Sorce wrote:
> If there are no objections I will commit this before leaving on Monday.
> 
> - patch for fedora-ds init scripts bz#248169
> - create the keytab for the ldap service
> - create the sample bind zone
> - test the hostname is set up correctly and resolves to a real IP not
> 127.0.0.1
> - use the domain portion of the hostname as the DNS domain
>   (ie dns domain may be != realm)
> - fix the kdb5_ldap_util parameter to actually pass the master password
> 
> I still have a problem with GSSAPI authentication against LDAP
> I encoded the same settings I use in my working prototype but SASL auth
> does not work in the installation test environment.
> Raising the log level of fedora-ds shows that the sasl mapping object is
> searched and found, but then fedora-ds tries to find the user account
> using the wrong filter: (&(uid=<username>)) instead of
> (krbPrincipalName=<username>@<REALM>) as specified in the configuration.
> The basedn is correct.
> 
> Will dig on this later.

You set the fedora-ds user as fds. We should probably create that user 
if it doesn't already exist.

Looks like you have a typo when setting the sample DNS zone:

[bind_fd, bind_name] = tempfile.mkstemp(".db","sammple.zone.")

Otherwise it looks ok.

rob
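
The hostname check listed in the quoted message (the name must resolve to a real IP rather than 127.0.0.1, and the DNS domain is taken from the host name) can be sketched as follows. This is an added example, not the FreeIPA installer's code; `check_hostname`, `fake_resolver`, the host names and the addresses are constructed for illustration.

```python
import ipaddress
import socket


def check_hostname(fqdn, resolve=socket.getaddrinfo):
    """Return (dns_domain, addresses) for a usable server host name.

    Raises ValueError if the name is not fully qualified, does not
    resolve, or resolves to a loopback address such as 127.0.0.1.
    `resolve` is injectable so the check can be run offline.
    """
    name = fqdn.rstrip(".").lower()
    host, _, domain = name.partition(".")
    if not host or not domain:
        raise ValueError("%r is not a fully qualified host name" % fqdn)
    try:
        infos = resolve(name, None)
    except socket.gaierror as exc:
        raise ValueError("%s does not resolve: %s" % (name, exc))
    # getaddrinfo entries end in a sockaddr tuple; drop any IPv6 scope id.
    addrs = sorted({info[4][0].split("%")[0] for info in infos})
    if not addrs:
        raise ValueError("%s has no addresses" % name)
    bad = [a for a in addrs if ipaddress.ip_address(a).is_loopback]
    if bad:
        raise ValueError("%s resolves to loopback %s" % (name, ", ".join(bad)))
    # The DNS domain is the host name minus its first label; it need
    # not match the Kerberos realm.
    return domain, addrs


def fake_resolver(table):
    """Build a getaddrinfo-like callable from a constructed name->IPs map."""
    def resolve(name, port):
        if name not in table:
            raise socket.gaierror(socket.EAI_NONAME, "unknown host")
        return [(socket.AF_INET, socket.SOCK_STREAM, 6, "", (ip, 0))
                for ip in table[name]]
    return resolve


if __name__ == "__main__":
    # Constructed sample data (documentation address range, not real hosts).
    sample = fake_resolver({"ipa.example.com": ["192.0.2.10"],
                            "badhost.example.com": ["127.0.0.1"]})
    for candidate in ("ipa.example.com", "badhost.example.com", "ipa"):
        try:
            print(candidate, "->", check_hostname(candidate, sample))
        except ValueError as err:
            print(candidate, "rejected:", err)
```

A host whose own name maps to 127.0.0.1 in /etc/hosts is the case this rejects: services would register and hand out an address that clients cannot reach.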

