author | Rob Crittenden <rcritten@redhat.com> | 2011-10-11 17:30:33 -0400 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2011-10-11 18:26:29 -0400 |
commit | f2fb6552c91fa530597e6deb776d90344bfe67bd (patch) | |
tree | 4eafe5f7372faaba0293e873fdc52dcd4fa91221 /ipa-client/man/ipa-join.1 | |
parent | 498311d2efdeacca0cbaaff68829b9e21da030eb (diff) | |
Make ipa-join work against an LDAP server that disallows anon binds
We determine the realm in the client installer so we can deduce
the base dn, pass that into ipa-join so we don't have to hunt for
it.
Re-order the bind so that when doing an OTP enrollment we can use the host
entry to authenticate before we retrieve the subject base, then initiate
the enrollment.
If ipa-join is called without a basedn it will still attempt to
determine it, but it will fail if anonymous binds are not allowed.
https://fedorahosted.org/freeipa/ticket/1935
Diffstat (limited to 'ipa-client/man/ipa-join.1')
-rw-r--r-- | ipa-client/man/ipa-join.1 | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/ipa-client/man/ipa-join.1 b/ipa-client/man/ipa-join.1 index 60facdfa9..49887c7a0 100644 --- a/ipa-client/man/ipa-join.1 +++ b/ipa-client/man/ipa-join.1 @@ -20,7 +20,7 @@ .SH "NAME" ipa\-join \- Join a machine to an IPA realm and get a keytab for the host service principal .SH "SYNOPSIS" -ipa\-join [\fB\-d\fR|\fB\-\-debug\fR] [\fB\-q\fR|\fB\-\-quiet\fR] [\fB\-u\fR|\fB\-\-unenroll\fR] [\fB\-h\fR|\fB\-\-hostname\fR hostname] [\fB\-s\fR|\fB\-\-server\fR hostame] [\fB\-k\fR|\fB\-\-keytab\fR filename] [\fB\-w\fR|\fB\-\-bindpw\fR password] [\fB\-?\fR|\fB\-\-help\fR] [\fB\-\-usage\fR] +ipa\-join [\fB\-d\fR|\fB\-\-debug\fR] [\fB\-q\fR|\fB\-\-quiet\fR] [\fB\-u\fR|\fB\-\-unenroll\fR] [\fB\-h\fR|\fB\-\-hostname\fR hostname] [\fB\-s\fR|\fB\-\-server\fR hostame] [\fB\-k\fR|\fB\-\-keytab\fR filename] [\fB\-w\fR|\fB\-\-bindpw\fR password] [\fB-b\fR|\-\-\fBbasedn basedn\fR] [\fB\-?\fR|\fB\-\-help\fR] [\fB\-\-usage\fR] .SH "DESCRIPTION" Joins a host to an IPA realm and retrieves a kerberos \fIkeytab\fR for the host service principal, or unenrolls an enrolled host from an IPA server. @@ -61,6 +61,9 @@ The keytab file where to append the new key (will be created if it does not exis \fB\-w,\-\-bindpw password\fR The password to use if not using Kerberos to authenticate. Use a password of this particular host (one time password created on IPA server) .TP +\fB\-b,\-\-basedn basedn\fR +The basedn of the IPA server (of the form dc=example,dc=com). This is only needed when not using Kerberos to authenticate and anonymous binds are disallowed in the IPA LDAP server. +.TP \fB\-u,\-\-unenroll\fR Unenroll this host from the IPA server. No keytab entry is removed in the process (see |
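Review bot: In the first hunk, the added SYNOPSIS entry `[\fB-b\fR|\-\-\fBbasedn basedn\fR]` is formatted differently from every other option on the line. The hyphen in `-b` is not escaped, the `\-\-` sits outside the bold span, and the argument `basedn` is inside it, whereas the neighbouring entries read like `[\fB\-k\fR|\fB\-\-keytab\fR filename]`. Suggest `[\fB\-b\fR|\fB\-\-basedn\fR basedn]` so the option renders consistently. Since the line is being rewritten anyway, the `hostame` argument of `\-\-server` could be corrected to `hostname` in the same change.

Review bot: In the second hunk, the new `\-b,\-\-basedn` description says when the option is needed but not what happens when it is omitted. The commit message states that ipa-join will still attempt to determine the base DN and that this fails if anonymous binds are not allowed; adding a sentence to that effect here would let an administrator who sees an OTP enrollment fail against a server with anonymous binds disabled connect the failure to the missing option. It would also help to spell out "basedn" as the LDAP base DN on first use, since the text currently defines the term only by example (`dc=example,dc=com`).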