author Rob Crittenden <rcritten@redhat.com> 2011-10-11 17:30:33 -0400
committer Rob Crittenden <rcritten@redhat.com> 2011-10-11 18:26:29 -0400
commit f2fb6552c91fa530597e6deb776d90344bfe67bd (patch)
tree 4eafe5f7372faaba0293e873fdc52dcd4fa91221 /ipa-client/man/ipa-join.1
parent 498311d2efdeacca0cbaaff68829b9e21da030eb (diff)
Make ipa-join work against an LDAP server that disallows anon binds
We determine the realm in the client installer so we can deduce the base dn, pass that into ipa-join so we don't have to hunt for it.

Re-order the bind so when doing an OTP enrollment we can use the host entry to authenticate before we retrieve the subject base, then initiate the enrollment.

If ipa-join is called without a basedn it will still attempt to determine it, but it will fail if anonymous binds are not allowed.

https://fedorahosted.org/freeipa/ticket/1935
Diffstat (limited to 'ipa-client/man/ipa-join.1')
-rw-r--r-- ipa-client/man/ipa-join.1 | 5
1 files changed, 4 insertions, 1 deletions
diff --git a/ipa-client/man/ipa-join.1 b/ipa-client/man/ipa-join.1
index 60facdfa9..49887c7a0 100644
--- a/ipa-client/man/ipa-join.1
+++ b/ipa-client/man/ipa-join.1
@@ -20,7 +20,7 @@
.SH "NAME"
ipa\-join \- Join a machine to an IPA realm and get a keytab for the host service principal
.SH "SYNOPSIS"
-ipa\-join [\fB\-d\fR|\fB\-\-debug\fR] [\fB\-q\fR|\fB\-\-quiet\fR] [\fB\-u\fR|\fB\-\-unenroll\fR] [\fB\-h\fR|\fB\-\-hostname\fR hostname] [\fB\-s\fR|\fB\-\-server\fR hostame] [\fB\-k\fR|\fB\-\-keytab\fR filename] [\fB\-w\fR|\fB\-\-bindpw\fR password] [\fB\-?\fR|\fB\-\-help\fR] [\fB\-\-usage\fR]
+ipa\-join [\fB\-d\fR|\fB\-\-debug\fR] [\fB\-q\fR|\fB\-\-quiet\fR] [\fB\-u\fR|\fB\-\-unenroll\fR] [\fB\-h\fR|\fB\-\-hostname\fR hostname] [\fB\-s\fR|\fB\-\-server\fR hostame] [\fB\-k\fR|\fB\-\-keytab\fR filename] [\fB\-w\fR|\fB\-\-bindpw\fR password] [\fB-b\fR|\-\-\fBbasedn basedn\fR] [\fB\-?\fR|\fB\-\-help\fR] [\fB\-\-usage\fR]
.SH "DESCRIPTION"
Joins a host to an IPA realm and retrieves a kerberos \fIkeytab\fR for the host service principal, or unenrolls an enrolled host from an IPA server.
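Review bot: the new entry in the SYNOPSIS line is marked up differently from every other option on that line: `\fB-b\fR` leaves the hyphen unescaped, and `\-\-\fBbasedn basedn\fR` puts the dashes outside the bold and the argument inside it. Following the pattern of the neighbouring options, it should read `[\fB\-b\fR|\fB\-\-basedn\fR basedn]`. While this line is being touched, the argument of `\-\-server` is spelled "hostame" in both the removed and the added version and could be corrected to "hostname".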
@@ -61,6 +61,9 @@ The keytab file where to append the new key (will be created if it does not exis
\fB\-w,\-\-bindpw password\fR
The password to use if not using Kerberos to authenticate. Use a password of this particular host (one time password created on IPA server)
.TP
+\fB\-b,\-\-basedn basedn\fR
+The basedn of the IPA server (of the form dc=example,dc=com). This is only needed when not using Kerberos to authenticate and anonymous binds are disallowed in the IPA LDAP server.
+.TP
\fB\-u,\-\-unenroll\fR
Unenroll this host from the IPA server. No keytab entry is removed in the process
(see
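Review bot: the new `\-b,\-\-basedn` entry says when the option is needed but not what happens when it is left out. The commit message states that ipa-join will still try to determine the base DN itself and will fail if anonymous binds are not allowed; a sentence saying so belongs in this entry, so that an administrator whose enrollment fails against a server that disallows anonymous binds is pointed to this option. The entry also sits between `\-\-bindpw` and `\-\-unenroll`, which matches its position in the SYNOPSIS, so the ordering is fine.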