summaryrefslogtreecommitdiffstats
path: root/ipa-client/ipaclient
diff options
context:
space:
mode:
authorMartin Kosek <mkosek@redhat.com>2013-03-19 08:57:18 +0100
committerMartin Kosek <mkosek@redhat.com>2013-03-20 09:22:10 +0100
commitbe54d1deb5e40945e4ead5b34d9acde88c1e8264 (patch)
tree7a3aab25927cd478bf240ef8ffcd6c23528bc686 /ipa-client/ipaclient
parent6c85b88874d099a909c5662a6a32c045439e0b2c (diff)
downloadfreeipa-be54d1deb5e40945e4ead5b34d9acde88c1e8264.tar.gz
freeipa-be54d1deb5e40945e4ead5b34d9acde88c1e8264.tar.xz
freeipa-be54d1deb5e40945e4ead5b34d9acde88c1e8264.zip
ipa-client discovery with anonymous access off
When RootDSE could be read (nsslapd-allow-anonymous-access set to "rootdse"), autodiscovery module failed to report success to the client installer. Remove faulty "verified_servers" flag from autodiscovery module as it has no point since we consider both scenarios (IPA server with anonymous access on and unknown LDAP server with anonymous access off) as success. https://fedorahosted.org/freeipa/ticket/3519
Diffstat (limited to 'ipa-client/ipaclient')
-rw-r--r--ipa-client/ipaclient/ipadiscovery.py6
1 files changed, 1 insertions, 5 deletions
diff --git a/ipa-client/ipaclient/ipadiscovery.py b/ipa-client/ipaclient/ipadiscovery.py
index 9a58b9678..ab35cea8c 100644
--- a/ipa-client/ipaclient/ipadiscovery.py
+++ b/ipa-client/ipaclient/ipadiscovery.py
@@ -234,7 +234,6 @@ class IPADiscovery(object):
ldapaccess = True
root_logger.debug("[LDAP server check]")
valid_servers = []
- verified_servers = False # is at least one server valid?
for server in servers:
root_logger.debug('Verifying that %s (realm %s) is an IPA server',
server, self.realm)
@@ -249,7 +248,6 @@ class IPADiscovery(object):
valid_servers.append(server)
# verified, we actually talked to the remote server and it
# is definetely an IPA server
- verified_servers = True
if autodiscovered:
# No need to keep verifying servers if we discovered them
# via DNS
@@ -285,14 +283,12 @@ class IPADiscovery(object):
self.realm_source = 'Assumed same as domain'
root_logger.debug(
"Assuming realm is the same as domain: %s", self.realm)
- verified_servers = True
if not ldapaccess and self.basedn is None:
# Generate suffix from realm
self.basedn = realm_to_suffix(self.realm)
self.basedn_source = 'Generated from Kerberos realm'
root_logger.debug("Generated basedn from realm: %s" % self.basedn)
- verified_servers = True
root_logger.debug(
"Discovery result: %s; server=%s, domain=%s, kdc=%s, basedn=%s",
@@ -304,7 +300,7 @@ class IPADiscovery(object):
# If we have any servers left then override the last return value
# to indicate success.
- if verified_servers:
+ if valid_servers:
self.server = servers[0]
ldapret[0] = 0