[Freeipa-devel] [PATCH] ipa-client-install with --no-sssd option should check for nss_ldap
Dmitri Pal
dpal at redhat.com
Fri Nov 11 18:00:29 UTC 2011
On 11/11/2011 11:35 AM, Ondrej Hamada wrote:
> On 11/11/2011 03:25 PM, Alexander Bokovoy wrote:
>> On Fri, 11 Nov 2011, Rob Crittenden wrote:
>>> Ondrej Hamada wrote:
>>>> https://fedorahosted.org/freeipa/ticket/2063
>>>>
>>>> In order to check presence of nss_ldap when installing client with
>>>> '--no-sssd' option there was added code into ipa-client-install. Check
>>>> is base on existence of nss_ldap configuration files. This
>>>> configuration
>>>> could be in 'etc/ldap.conf', '/etc/nss_ldap.conf' or
>>>> '/etc/libnss_ldap.conf'. Presence of any of these files is
>>>> considered as
>>>> success otherwise failure.
>>> I think we should check for nslcd.conf as well and report that
>>> neither nss-ldap nor nss-pam-ldapd are installed.
>> We have already code in configure_ldap_config() and
>> configure_nslcd_conf that checks all these different files and after
>> configuration reports what was configured.
>>
>> I would rather did a commonalization of detection instead of
>> duplicating the code. We can re-use result of detecting what exists
>> later in configure_{ldap,nslcd}_config().
>>
> I'll do it, but I have question:
> configure_ldap_config() also checks whether file 'pam_ldap.conf'
> exists. Is installed pam_ldap package without nss_ldap enough to allow
> ipa-client installation with --no-sssd option?
>
pam-ldap by itself is not enough. There should be something for nss. But
there are different combinations of packages depending upon RHEL version.
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IPA project,
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
More information about the Freeipa-devel
mailing list