authorRob Crittenden <>2012-06-11 15:43:04 -0400
committerRob Crittenden <>2012-06-13 22:38:14 -0400
commit55d2d92dcf617e468bf05cea3cd8378a855b96e7 (patch)
parent54135ecd9a96f59429cfd535f3add282b535d3e3 (diff)
Add flag to ipa-client-install to managed order of ipa_server in sssd
The --fixed-primary flag determines the order of the ipa_server directive. When set, the IPA server discovered (or passed in via --server or via user-input) will be listed first. Otherwise _srv_ is listed first.
2 files changed, 10 insertions, 2 deletions
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index 79df897..af3d731 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -67,6 +67,8 @@ def parse_options():
basic_group.add_option("--domain", dest="domain", help="domain name")
basic_group.add_option("--server", dest="server", help="IPA server")
basic_group.add_option("--realm", dest="realm_name", help="realm name")
+ basic_group.add_option("--fixed-primary", dest="primary", action="store_true",
+ default=False, help="Configure sssd to use fixed server as primary IPA server")
basic_group.add_option("-p", "--principal", dest="principal",
help="principal to use to join the IPA realm"),
basic_group.add_option("-w", "--password", dest="password", sensitive=True,
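Review bot: `dest="primary"` on the new `--fixed-primary` option gives the attribute a name that does not say what is primary, so the later `if options.primary:` in configure_sssd_conf reads as unrelated to server ordering. Naming the destination after the flag keeps both ends greppable: `dest="fixed_primary"` here and `if options.fixed_primary:` at the use site. parse_options starts and ends outside this hunk, so any other reader of the attribute would need the same rename.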
@@ -753,7 +755,10 @@ def configure_sssd_conf(fstore, cli_realm, cli_domain, cli_server, options, clie
domain.set_option('dns_discovery_domain', cli_domain)
if not options.on_master:
- domain.set_option('ipa_server', '_srv_, %s' % cli_server)
+ if options.primary:
+ domain.set_option('ipa_server', '%s, _srv_' % cli_server)
+ else:
+ domain.set_option('ipa_server', '_srv_, %s' % cli_server)
# the master should only use itself for Kerberos
domain.set_option('ipa_server', cli_server)
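Review bot: With `--fixed-primary` the value written by `domain.set_option('ipa_server', '%s, _srv_' % cli_server)` still contains `_srv_`, so the named server is only listed first rather than pinned, and sssd can presumably still fail over to whatever DNS SRV discovery returns. That distinction matters to an administrator who chooses the flag because DNS at the site is not trusted, and neither the help text nor the new man page paragraph mentions it. I would state it beside the branch, for example `# --fixed-primary only reorders the list: cli_server is tried first, _srv_ discovery stays as the fallback`, and use the same wording in the option's help string. configure_sssd_conf starts and ends outside this hunk, so whether cli_server is validated before being formatted into sssd.conf cannot be seen here.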
diff --git a/ipa-client/man/ipa-client-install.1 b/ipa-client/man/ipa-client-install.1
index cf3db2e..caf5957 100644
--- a/ipa-client/man/ipa-client-install.1
+++ b/ipa-client/man/ipa-client-install.1
@@ -33,7 +33,7 @@ This same tool is used to unconfigure IPA and attemps to return the machine to i
Client must use a \fBstatic hostname\fR. If the machine hostname changes for example due to a dynamic hostname assignment by a DHCP server, client enrollment to IPA server breaks and user then would not be able to perform Kerberos authentication.
---hostname option may be used to specify a static hostname that is set in machine system configuration and persist over reboot.
+\-\-hostname option may be used to specify a static hostname that persists over reboot.
@@ -47,6 +47,9 @@ Set the IPA server to connect to
Set the IPA realm name to REALM_NAME
+Configure sssd to use a fixed server as the primary IPA server. The default is to use DNS SRV records to determine the primary server to use and fall back to the server the client is enrolled with.
\fB\-p\fR, \fB\-\-principal\fR
Authorized kerberos principal to use to join the IPA realm.