mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-02-25 18:55:28 -06:00
3735450ab8
If a hostname was provided it wasn't used to configure either certmonger or sssd. This resulted in a non-working configuration. Additionally on un-enrollment the wrong hostname was unenrolled, it used the value of gethostname() rather than the one that was passed into the installer. We have to modify the CA configuration of certmonger to make it use the right principal when requesting certificates. The filename is unpredicable but it will be in /var/lib/certmonger/cas. We need to hunt for ipa_submit and add -k <principal> to it, then undo that on uninstall. These files are created the first time the certmonger service starts, so start and stop it before messing with them. ticket 1029
This is a set of libraries common to IPA clients and servers though mostly
geared currently towards command-line tools.
A brief overview:
config.py - identify the IPA server domain and realm. It uses dnsclient to
try to detect this information first and will fall back to
/etc/ipa/default.conf if that fails.
dnsclient.py - find IPA information via DNS
ipautil.py - helper functions
entity.py - entity is the main data type. User and Group extend this class
(but don't add anything currently).
ipavalidate.py - basic data validation routines