From 8290d4b4cba8cf0b9ca517f7f09db2ee81606899 Mon Sep 17 00:00:00 2001 From: Martin Babinsky Date: Mon, 7 Mar 2016 17:41:15 +0100 Subject: [PATCH] only search for Kerberos SRV records when autodiscovery was requested When a list of servers is passed to ipa-client-{install,automount} the search of Kerberos and LDAP SRV records should be suppressed and the specified hostnames used directly as LDAP servers/KDCs. We thus should not performed search for KDCs when the autodiscovery was actually not requested. https://fedorahosted.org/freeipa/ticket/4305 Reviewed-By: Martin Basti --- ipaclient/ipadiscovery.py | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/ipaclient/ipadiscovery.py b/ipaclient/ipadiscovery.py index ed59529fb..1ba7c1a2d 100644 --- a/ipaclient/ipadiscovery.py +++ b/ipaclient/ipadiscovery.py @@ -273,9 +273,13 @@ class IPADiscovery(object): if not servers and not realm: return REALM_NOT_FOUND - self.kdc = self.ipadnssearchkrbkdc() - self.kdc_source = ( - 'Discovered Kerberos DNS records from %s' % self.domain) + if autodiscovered: + self.kdc = self.ipadnssearchkrbkdc() + self.kdc_source = ( + 'Discovered Kerberos DNS records from %s' % self.domain) + else: + self.kdc = ', '.join(servers) + self.kdc_source = "Kerberos DNS record discovery bypassed" # We may have received multiple servers corresponding to the domain # Iterate through all of those to check if it is IPA LDAP server