From be54d1deb5e40945e4ead5b34d9acde88c1e8264 Mon Sep 17 00:00:00 2001
From: Martin Kosek <mkosek@redhat.com>
Date: Tue, 19 Mar 2013 08:57:18 +0100
Subject: ipa-client discovery with anonymous access off

When RootDSE could be read (nsslapd-allow-anonymous-access set to
"rootdse"), autodiscovery module failed to report success to the
client installer.

Remove faulty "verified_servers" flag from autodiscovery module as
it has no point since we consider both scenarios (IPA server with
anonymous access on and unknown LDAP server with anonymous access
off) as success.

https://fedorahosted.org/freeipa/ticket/3519
---
 ipa-client/ipaclient/ipadiscovery.py | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

(limited to 'ipa-client/ipaclient')

diff --git a/ipa-client/ipaclient/ipadiscovery.py b/ipa-client/ipaclient/ipadiscovery.py
index 9a58b9678..ab35cea8c 100644
--- a/ipa-client/ipaclient/ipadiscovery.py
+++ b/ipa-client/ipaclient/ipadiscovery.py
@@ -234,7 +234,6 @@ class IPADiscovery(object):
         ldapaccess = True
         root_logger.debug("[LDAP server check]")
         valid_servers = []
-        verified_servers = False # is at least one server valid?
         for server in servers:
             root_logger.debug('Verifying that %s (realm %s) is an IPA server',
                 server, self.realm)
@@ -249,7 +248,6 @@ class IPADiscovery(object):
                 valid_servers.append(server)
                 # verified, we actually talked to the remote server and it
                 # is definetely an IPA server
-                verified_servers = True
                 if autodiscovered:
                     # No need to keep verifying servers if we discovered them
                     # via DNS
@@ -285,14 +283,12 @@ class IPADiscovery(object):
             self.realm_source = 'Assumed same as domain'
             root_logger.debug(
                 "Assuming realm is the same as domain: %s", self.realm)
-            verified_servers = True
 
         if not ldapaccess and self.basedn is None:
             # Generate suffix from realm
             self.basedn = realm_to_suffix(self.realm)
             self.basedn_source = 'Generated from Kerberos realm'
             root_logger.debug("Generated basedn from realm: %s" % self.basedn)
-            verified_servers = True
 
         root_logger.debug(
             "Discovery result: %s; server=%s, domain=%s, kdc=%s, basedn=%s",
@@ -304,7 +300,7 @@ class IPADiscovery(object):
 
         # If we have any servers left then override the last return value
         # to indicate success.
-        if verified_servers:
+        if valid_servers:
             self.server = servers[0]
             ldapret[0] = 0
 
-- 
cgit