[Freeipa-users] some documentation issues
Alexander Bokovoy
abokovoy at redhat.com
Tue May 12 05:41:22 UTC 2015
On Tue, 12 May 2015, Arthur Fayzullin wrote:
>В Пн, 11/05/2015 в 11:35 -0400, Dmitri Pal пишет:
>> AFAIR some time ago we stopped fetching host cert by default. There was
>> no use of it so we decided not issue a cert that has not practical use.
>>
>> --
>> Thank you,
>> Dmitri Pal
>>
>> Director of Engineering for IdM portfolio
>> Red Hat, Inc.
>>
>
>Yes, I have noticed it from reference debian instalation and from
>EL7&fedora instalation. But this step is present in documentation, and
>it containes mistake.
Please file a documentation bug.
>Also, I have one question about
>/etc/ipa/default.conf
>file.
>
>it looks something like this:
>[global]
>basedn = dc=<domain_part>,dc=<domain_part>
>realm = <REALM>
>domain = <domain>
>server = <dc1>.<domain>
>xmlrpc_uri = https://<dc1>.<domain>/ipa/xml
>enable_ra = True
>
>is there any way to configure it for HA? in case I will get one freeipa
>server replica down.
IPA command line tools are using SRV records for _ldap._tcp.$DOMAIN to
find out list of servers to talk to. The server specified in
default.conf is used first but if it fails, connection attempts continue
through the list of servers discovered via SRV records.
So, you don't need to change anything.
--
/ Alexander Bokovoy
More information about the Freeipa-users
mailing list