diff options
| author | Martin Kosek <mkosek@redhat.com> | 2013-03-19 08:57:18 +0100 |
|---|---|---|
| committer | Martin Kosek <mkosek@redhat.com> | 2013-03-20 09:22:10 +0100 |
| commit | be54d1deb5e40945e4ead5b34d9acde88c1e8264 (patch) | |
| tree | 7a3aab25927cd478bf240ef8ffcd6c23528bc686 /ipa-client | |
| parent | 6c85b88874d099a909c5662a6a32c045439e0b2c (diff) | |
| download | freeipa-be54d1deb5e40945e4ead5b34d9acde88c1e8264.tar.gz freeipa-be54d1deb5e40945e4ead5b34d9acde88c1e8264.tar.xz freeipa-be54d1deb5e40945e4ead5b34d9acde88c1e8264.zip | |
ipa-client discovery with anonymous access off
When RootDSE could be read (nsslapd-allow-anonymous-access set to
"rootdse"), autodiscovery module failed to report success to the
client installer.
Remove faulty "verified_servers" flag from autodiscovery module as
it has no point since we consider both scenarios (IPA server with
anonymous access on and unknown LDAP server with anonymous access
off) as success.
https://fedorahosted.org/freeipa/ticket/3519
Diffstat (limited to 'ipa-client')
| -rw-r--r-- | ipa-client/ipaclient/ipadiscovery.py | 6 |
1 files changed, 1 insertions, 5 deletions
diff --git a/ipa-client/ipaclient/ipadiscovery.py b/ipa-client/ipaclient/ipadiscovery.py index 9a58b9678..ab35cea8c 100644 --- a/ipa-client/ipaclient/ipadiscovery.py +++ b/ipa-client/ipaclient/ipadiscovery.py @@ -234,7 +234,6 @@ class IPADiscovery(object): ldapaccess = True root_logger.debug("[LDAP server check]") valid_servers = [] - verified_servers = False # is at least one server valid? for server in servers: root_logger.debug('Verifying that %s (realm %s) is an IPA server', server, self.realm) @@ -249,7 +248,6 @@ class IPADiscovery(object): valid_servers.append(server) # verified, we actually talked to the remote server and it # is definetely an IPA server - verified_servers = True if autodiscovered: # No need to keep verifying servers if we discovered them # via DNS @@ -285,14 +283,12 @@ class IPADiscovery(object): self.realm_source = 'Assumed same as domain' root_logger.debug( "Assuming realm is the same as domain: %s", self.realm) - verified_servers = True if not ldapaccess and self.basedn is None: # Generate suffix from realm self.basedn = realm_to_suffix(self.realm) self.basedn_source = 'Generated from Kerberos realm' root_logger.debug("Generated basedn from realm: %s" % self.basedn) - verified_servers = True root_logger.debug( "Discovery result: %s; server=%s, domain=%s, kdc=%s, basedn=%s", @@ -304,7 +300,7 @@ class IPADiscovery(object): # If we have any servers left then override the last return value # to indicate success. - if verified_servers: + if valid_servers: self.server = servers[0] ldapret[0] = 0 |