summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rwxr-xr-xipa-client/ipa-install/ipa-client-install9
-rw-r--r--ipa-client/ipaclient/ipadiscovery.py70
2 files changed, 66 insertions, 13 deletions
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index 5542f441b..7e52b7516 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -491,7 +491,7 @@ def configure_sssd_conf(fstore, cli_domain, cli_server, options):
def main():
options = parse_options()
logging_setup(options)
- dnsok = True
+ dnsok = False
env={"PATH":"/bin:/sbin:/usr/kerberos/bin:/usr/kerberos/sbin:/usr/bin:/usr/sbin"}
global fstore
@@ -518,7 +518,7 @@ def main():
# Create the discovery instance
ds = ipaclient.ipadiscovery.IPADiscovery()
- ret = ds.search(domain=options.domain, server=options.server)
+ ret = ds.search()
if ret == -10:
print "Can't get the fully qualified name of this host"
print "Please check that the client is properly configured"
@@ -532,13 +532,12 @@ def main():
else:
print "DNS discovery failed to determine your DNS domain"
cli_domain = user_input("Please provide the domain name of your IPA server (ex: example.com)", allow_empty = False)
- ret = ds.search(domain=cli_domain, server=options.server)
+ ret = ds.search(domain=cli_domain)
if not cli_domain:
if ds.getDomainName():
cli_domain = ds.getDomainName()
if ret == -2 or not ds.getServerName():
- dnsok = False
logging.debug("IPA Server not found")
if options.server:
cli_server = options.server
@@ -548,6 +547,8 @@ def main():
print "DNS discovery failed to find the IPA Server"
cli_server = user_input("Please provide your IPA server name (ex: ipa.example.com)", allow_empty = False)
ret = ds.search(domain=cli_domain, server=cli_server)
+ else:
+ dnsok = True
if not cli_server:
if ds.getServerName():
cli_server = ds.getServerName()
diff --git a/ipa-client/ipaclient/ipadiscovery.py b/ipa-client/ipaclient/ipadiscovery.py
index 45d5bd358..21873632f 100644
--- a/ipa-client/ipaclient/ipadiscovery.py
+++ b/ipa-client/ipaclient/ipadiscovery.py
@@ -31,6 +31,31 @@ class IPADiscovery:
self.server = None
self.basedn = None
+ def __get_resolver_domains(self):
+ """
+ Read /etc/resolv.conf and return all the domains found in domain and
+ search.
+
+ Returns a list
+ """
+ domains = []
+ domain = None
+ try:
+ fp = open('/etc/resolv.conf', 'r')
+ lines = fp.readlines()
+ fp.close()
+
+ for line in lines:
+ if line.lower().startswith('domain'):
+ domain = line.split(None)[-1]
+ elif line.lower().startswith('search'):
+ domains = domains + line.split(None)[1:]
+ except:
+ pass
+ if domain and not domain in domains:
+ domains = [domain] + domains
+ return domains
+
def getServerName(self):
return self.server
@@ -43,6 +68,27 @@ class IPADiscovery:
def getBaseDN(self):
return self.basedn
+ def check_domain(self, domain):
+ """
+ Given a domain search it for SRV records, breaking it down to search
+ all subdomains too.
+
+ Returns a tuple (server, domain) or (None,None) if a SRV record
+ isn't found.
+ """
+ server = None
+ while not server:
+ logging.debug("[ipadnssearchldap("+domain+")]")
+ server = self.ipadnssearchldap(domain)
+ if server:
+ return (server, domain)
+ else:
+ p = domain.find(".")
+ if p == -1: #no ldap server found and last component of the domain already tested
+ return (None, None)
+ domain = domain[p+1:]
+ return (None, None)
+
def search(self, domain = "", server = ""):
hostname = ""
qname = ""
@@ -66,16 +112,22 @@ class IPADiscovery:
return -1
domain = hostname[p+1:]
- while not self.server:
- logging.debug("[ipadnssearchldap("+domain+")]")
- self.server = self.ipadnssearchldap(domain)
- if self.server:
+ # Get the list of domains from /etc/resolv.conf, we'll search
+ # them all. We search the domain of our hostname first though,
+ # even if that means searching it twice. This is to avoid the
+ # situation where domain isn't set in /etc/resolv.conf and
+ # the search list has the hostname domain not first. We could
+ # end up with the wrong SRV record.
+ domains = self.__get_resolver_domains()
+ domains = [domain] + domains
+ for domain in domains:
+ (server, domain) = self.check_domain(domain)
+ if server:
+ self.server = server
self.domain = domain
- else:
- p = domain.find(".")
- if p == -1: #no ldap server found and last component of the domain already tested
- return -1
- domain = domain[p+1:]
+ break
+ if not self.domain: #no ldap server found
+ return -1
else:
logging.debug("[ipadnssearchldap]")
self.server = self.ipadnssearchldap(domain)