[Freeipa-users] Accessing IPA servers on non-standard port

Rob Crittenden rcritten at redhat.com
Fri Sep 27 02:51:25 UTC 2013


Chandan Kumar wrote:
> Hello,
>
> I have a basic configuration question, my apologies if it has already been
> discussed.
>
> I have ipa-server-3 server installed with default parameters with
> replication.
>
> We have Linux machines across different geo locations and I would like to
> integrate them into IPA server, however, I don't want external clients
> to connect to the server on the standard port.
>
> For example, during ipa-client registration it requires all IPA services
> to be running on the default port.
>
> Such as : trying https://ipa01.my.net/ipa/xml
>
> kdc = ipa01.my.net:88
> master_kdc = ipa01.my.net:88
> admin_server = ipa01.my.net:749
>
> Is there any way in ipa-client-install or sssd file to instruct IPA
> client to connect to IPA server on non-standard ports such as
>
> trying https://ipa01.my.net:8080/ipa/xml
>
> This way I don't have to allocate a separate IP or additional web server
> to redirect the requests; a simple NAT at the firewall will do, such as
> external 8080 -> internal 443

Currently there is no way to do this. I'd have sworn we had a ticket to 
add this but a quick search didn't turn it up. If you'd like this 
supported feel free to open a ticket at 
https://fedorahosted.org/freeipa/newticket

I don't think this would be tremendously difficult to do, the trick 
would be communicating the port to clients somehow while they are trying 
to enroll. A command-line option would probably be the shortest path.

This may be decent low-hanging fruit if you're interested in being a 
contributor to IPA.

rob



