Compare resolver IP address with DNS IP address

We check the resolver against the resolver and DNS against DNS, but not
the resolver against DNS, so if something is wrong in /etc/hosts we don't
catch it and nasty connection messages occur.

Also fix a problem where a bogus error message was being displayed because
we were trying to close an unconnected LDAP connection.

ticket 327
Rob Crittenden
2010-10-12 17:26:03 -04:00
parent b18af8de3c
commit 78f276657e
2 changed files with 4 additions and 1 deletions


@@ -133,7 +133,7 @@ def has_managed_entries(host_name, dm_password):
logging.critical("Could not connect to the Directory Server on %s" % host_name)
raise e
finally:
if conn:
if conn.isconnected():
conn.disconnect()
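Review bot: The `conn.isconnected()` test in the `finally` block appears to replace the old `if conn:` guard rather than add to it, so the cleanup now assumes `conn` is always a connection object. If `conn` can still be `None` when the `finally` runs (its initialisation is outside the hunk, so this is inferred), the call raises AttributeError and hides the original "Could not connect" failure. Keeping both checks avoids that: `if conn and conn.isconnected():`. The body of has_managed_entries starts outside the hunk, so confirm how `conn` is set up before the `try`.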


@@ -59,6 +59,7 @@ def verify_fqdn(host_name,no_host_dns=False):
if a[4][0] == '127.0.0.1' or a[4][0] == '::1':
raise RuntimeError("The IPA Server hostname cannot resolve to localhost (%s). A routable IP address must be used. Check /etc/hosts to see if %s is an alias for %s" % (a[4][0], host_name, a[4][0]))
try:
revaddr = a[4][0]
revname = socket.gethostbyaddr(a[4][0])[0]
except:
raise RuntimeError("Unable to resolve the reverse ip address, check /etc/hosts or DNS name resolution")
@@ -97,6 +98,8 @@ def verify_fqdn(host_name,no_host_dns=False):
addr = socket.inet_ntoa(struct.pack('<L',rec.rdata.address))
ipaddr = socket.inet_ntoa(struct.pack('!L',rec.rdata.address))
if revaddr != ipaddr:
raise RuntimeError("The network address %s does not match the reverse lookup %s. Check /etc/hosts and ensure that %s is the IP address for %s" % (ipaddr, revaddr, ipaddr, host_name))
addr = addr + ".in-addr.arpa."
rs = dnsclient.query(addr, dnsclient.DNS_C_IN, dnsclient.DNS_T_PTR)
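Review bot: `revaddr` in the first verify_fqdn hunk is overwritten on every pass if `a` iterates over getaddrinfo results, as the `a[4][0]` indexing suggests, so the new `revaddr != ipaddr` test in the second hunk compares the DNS A record only with the last address the resolver returned. The `::1` test above shows IPv6 results are possible, and an IPv6 `revaddr` can never equal the IPv4 string produced by `inet_ntoa`, so a correctly configured dual-stack or multi-address host would be rejected with a misleading /etc/hosts message. Collecting the resolver addresses in a list initialised before the loop (`revaddrs.append(a[4][0])`) and testing `if ipaddr not in revaddrs:` would keep the consistency check without that false failure. Both loops begin outside the hunks, so this should be confirmed against the full function.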