[Freeipa-devel] [PATCH] 249 host enrollment
Dmitri Pal
dpal at redhat.com
Tue Aug 11 18:33:57 UTC 2009
>> Does ipa-client-install bring admin utils?
>> What is its purpose?
>
> It configures the machine to be an IPA client. It configures nss_ldap,
> etc. It also creates some configuration files we need such as what IPA
> server to talk to and the CA cert for that server.
>
>> I though the sequence of operations would be somewhat (do not look at
>> the names, I do not expect them to be exactly as I put them):
>> yum install ipa-client-enrollment
>> ipa-enroll ...
>>
>> The enroll will also do some configuration as it used to do in v1 but
>> other than that I expected the mentioned sequence.
>> I scanned quickly through the patch but was not able to see whether
>> things work as I expect or not.
>
> I did this as a separate step. It can be included in the
> ipa-client-install sequence though it currently is not.
IMO the logic should be a bit reverse. The enrollment script should
invoke the old IPA client installation script (somewhere at the
beginning of the enrollment process) internally if SSSD is not detected.
If SSSD is detected it should configure IPA back end as a part of the
enrollment and not touch nss_ldap in this case. Optionally we probably
can configure automount or some other maps (but I am not sure that
was/is a requirement at the moment).
--
Thank you,
Dmitri Pal
Engineering Manager IPA project,
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
More information about the Freeipa-devel
mailing list