RFE: ipa client should setup openldap for GSSAPI

The IPA client installer currently edits /etc/openldap/ldap.conf, setting up the client to consume LDAP data from IPA. It currently sets: URI BASE TLS_CACERT This PR makes ipa-client to add this AV pair: SASL_MECH GSSAPI Resolves: https://pagure.io/freeipa/issue/7366 Reviewed-By: Christian Heimes <cheimes@redhat.com> Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2025-02-25 18:55:28 -06:00 · 2018-01-16 17:34:08 +05:30 · 2018-01-16 17:34:08 +05:30 · 07be3306c1
commit 07be3306c1
parent 5165afd501
1 changed files with 12 additions and 2 deletions
--- a/ipaclient/install/client.py
+++ b/ipaclient/install/client.py
@ -522,8 +522,12 @@ def configure_openldap_conf(fstore, cli_basedn, cli_server):
        {
            'name': 'comment',
            'type': 'comment',
-            'value': '   URI, BASE and TLS_CACERT have been added if they '
-                     'were not set.'
+            'value': '   URI, BASE, TLS_CACERT and SASL_MECH'
+        },
+        {
+            'name': 'comment',
+            'type': 'comment',
+            'value': '   have been added if they were not set.'
        },
        {
            'name': 'comment',
@ -573,6 +577,12 @@ def configure_openldap_conf(fstore, cli_basedn, cli_server):
            'type': 'option',
            'value': paths.IPA_CA_CRT
        },
+        {
+            'action': 'addifnotset',
+            'name': 'SASL_MECH',
+            'type': 'option',
+            'value': 'GSSAPI'
+        },
    ]

    target_fname = paths.OPENLDAP_LDAP_CONF