IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Add flag to ipa-client-install to managed order of ipa_server in sssd

Browse Source 
The --fixed-primary flag determine the order of the ipa_server directive.
When set the IPA server discovered (or passed in via --server or via
user-input) will be listed first. Otherwise _srv_ is listed first.

https://fedorahosted.org/freeipa/ticket/2282
This commit is contained in:
Rob Crittenden 2012-06-11 15:43:04 -04:00
parent 54135ecd9a
commit 55d2d92dcf
2 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
ipa-client/ipa-install/ipa-client-install
View File

@ -67,6 +67,8 @@ def parse_options():
basic_group.add_option("--domain", dest="domain", help="domain name")
basic_group.add_option("--server", dest="server", help="IPA server")
basic_group.add_option("--realm", dest="realm_name", help="realm name")
basic_group.add_option("--fixed-primary", dest="primary", action="store_true",
default=False, help="Configure sssd to use fixed server as primary IPA server")
basic_group.add_option("-p", "--principal", dest="principal",
help="principal to use to join the IPA realm"),
basic_group.add_option("-w", "--password", dest="password", sensitive=True,
@ -753,7 +755,10 @@ def configure_sssd_conf(fstore, cli_realm, cli_domain, cli_server, options, clie
domain.set_option('dns_discovery_domain', cli_domain)
if not options.on_master:
domain.set_option('ipa_server', '_srv_, %s' % cli_server)
if options.primary:
domain.set_option('ipa_server', '%s, _srv_' % cli_server)
else:
domain.set_option('ipa_server', '_srv_, %s' % cli_server)
else:
# the master should only use itself for Kerberos
domain.set_option('ipa_server', cli_server)

5
ipa-client/man/ipa-client-install.1
View File

@ -33,7 +33,7 @@ This same tool is used to unconfigure IPA and attemps to return the machine to i
.SS "HOSTNAME REQUIREMENTS"
Client must use a \fBstatic hostname\fR. If the machine hostname changes for example due to a dynamic hostname assignment by a DHCP server, client enrollment to IPA server breaks and user then would not be able to perform Kerberos authentication.
--hostname option may be used to specify a static hostname that is set in machine system configuration and persist over reboot.
\-\-hostname option may be used to specify a static hostname that persists over reboot.
.SH "OPTIONS"
.SS "BASIC OPTIONS"
@ -47,6 +47,9 @@ Set the IPA server to connect to
\fB\-\-realm\fR=\fIREALM_NAME\fR
Set the IPA realm name to REALM_NAME
.TP
\fB\-\-fixed\-primary\fR
Configure sssd to use a fixed server as the primary IPA server. The default is to use DNS SRV records to determine the primary server to use and fall back to the server the client is enrolled with.
.TP
\fB\-p\fR, \fB\-\-principal\fR
Authorized kerberos principal to use to join the IPA realm.
.TP