[Freeipa-devel] [PATCH] 0010 Add 'host' setting into default.conf configuration file

Jan Cholasta jcholast at redhat.com
Wed Sep 3 13:41:58 UTC 2014 

Dne 3.9.2014 v 15:29 Nalin Dahyabhai napsal(a):
> On Tue, Sep 02, 2014 at 10:18:12AM +0200, Jan Cholasta wrote:
>> Dne 27.8.2014 v 16:49 David Kupka napsal(a):
>>> On 08/27/2014 11:22 AM, Jan Cholasta wrote:
>>>> Dne 26.8.2014 v 15:55 Rob Crittenden napsal(a):
>>>>> David Kupka wrote:
>>>>>> On 08/26/2014 03:08 PM, Jan Cholasta wrote:
>>>>>>> Hi,
>>>>>>>
>>>>>>> Dne 26.8.2014 v 13:01 David Kupka napsal(a):
>>>>>>>> https://fedorahosted.org/freeipa/ticket/4481
>>>>>>>
>>>>>>> Doing this will break ipa-client-automount and ipa-certupdate, because
>>>>>>> they assume that api.env.host contains the hostname of the local
>>>>>>> system
>>>>>>> (which is the default value).
>>>>>>
>>>>>> It looked suspiciously simple so I could expect that there is some
>>>>>> catch.
>>>>>>>
>>>>>>> There is obviously some confusion about what the option should
>>>>>>> represent
>>>>>>> (documentation says server hostname, code does client hostname),
>>>>>>> IMO we
>>>>>>> should resolve that first.
>>>>>>
>>>>>> Ok, are there any suggestions? What is the desired state?
>>>>>
>>>>> AIUI the server option is deprecated because it wasn't being used, not
>>>>> that it needed to be replaced. I believe that in most cases the server
>>>>> name is pulled from the xmlrpc_uri.
>>>>
>>>> Yes, that's what the ticket says:
>>>> <https://fedorahosted.org/freeipa/ticket/3071>.
>>>
>>> Ok, adding 'host' entry with local host name.
>>>>>
>>>>> host has always meant the local host name.
>>>>>
>>>>> I think the man page is wrong.
>>>>
>>>> +1
>>>>
>>> Fixing the line in man page.
>>>>>
>>>>> rob
>>
>> ACK as long as this works for Nalin.
>
> The other half of this was cases where there's no ldap_uri set.  Just so
> there's no confusion, if ldap_uri and/or server_uri are not set, what
> are the recommended fallback settings that should be used for
> constructing them?  I suspect it's "server", then "host", which is the
> reverse of the order that they're currently being consulted, but I
> figured I'd ask while we're all here.

"ldap_uri" is set only on servers, on clients you should use "server" 
(we should probably un-deprecate it). You could use "host" as a 
fallback, but it will only work on servers, as it points to the local 
host. IMO the right order is "server", then "ldap_uri", then maybe "host".

>
> Thanks,
>
> Nalin
>


-- 
Jan Cholasta

More information about the Freeipa-devel mailing list