[Freeipa-users] A crazy idea maybe, migration to Free-IPA 4.1.

Orkhan Gasimov orkhan-azeri at mail.ru
Fri Oct 24 06:57:05 UTC 2014

Awesome, it worked!

Just one final question: how to make that script search not only in 
ipa1.example.com's LDAP database, but also in ipa2.example.com's LDAP in 
case ipa1 is inaccessible? It's vital for a production environment!

I tried copying the whole section of code from " ldapsearch ..." to "... 
and putting it after a new instance of " if [ ! -s "$tmpf" ]; then ", 
but it didn't work (I'm not a programmer...).

My current cron script is like this: 

Programmers, please take a glance at the file - logically it shouldn't 
be difficult to make necessary modifications,
but I don't know how...

23-Oct-14 21:40, Alexander Bokovoy пишет:
> try adding something like this:
> old_krb5_ccache=${KRB5_CCACHE}
> KRB5_CCACHE=/tmp/_hostgroups_access.ccache.$$
> export KRB5_CCACHE
> kinit -k -t /etc/krb5.keytab host/`hostname`
> # perform actual search
> ldapsearch -Y GSSAPI .....
> # end of script
> kdestroy
> KRB5_CCACHE=${old_krb5_ccache}
> export KRB5_CCACHE 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20141024/53485df6/attachment.htm>

More information about the Freeipa-users mailing list