authorMartin Kosek <mkosek@redhat.com>2013-11-06 10:14:40 +0100
committerMartin Kosek <mkosek@redhat.com>2013-11-11 09:27:12 +0100
commitb4ee7da8e9d578ce2c053fad7d0f1ace7f0b6e6a (patch)
tree8808cf0f799e1ed5ad96ea66f9fef7b1ecf9e789 /ipaserver
parent196379d126f4c86cb0979d3bae16919858bd7c19 (diff)
Server does not detect different server and IPA domain
Server installer does not properly recognize a situation when the server FQDN is not in a subdomain of the IPA domain but shares the same suffix. For example, if the server FQDN is ipa-idm.example.com and the domain is idm.example.com, the server's FQDN is not in the main domain, but the installer does not recognize that. A proper Kerberos realm-domain mapping is not created in this case and the server does not work (httpd reports gssapi errors). https://fedorahosted.org/freeipa/ticket/4012
Diffstat (limited to 'ipaserver')
-rw-r--r--ipaserver/install/krbinstance.py18
1 files changed, 11 insertions, 7 deletions
diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py
index af37d05f..2ab97a4d 100644
--- a/ipaserver/install/krbinstance.py
+++ b/ipaserver/install/krbinstance.py
@@ -24,6 +24,7 @@ import sys
import os
import pwd
import socket
+import dns.name
import service
import installutils
@@ -237,15 +238,18 @@ class KrbInstance(service.Service):
# IPA server/KDC is not a subdomain of default domain
# Proper domain-realm mapping needs to be specified
- dr_map = ''
- if not self.fqdn.endswith(self.domain):
- root_logger.debug("IPA FQDN '%s' is not located in default domain '%s'" \
- % (self.fqdn, self.domain))
- server_host, dot, server_domain = self.fqdn.partition('.')
- root_logger.debug("Domain '%s' needs additional mapping in krb5.conf" \
- % server_domain)
+ domain = dns.name.from_text(self.domain)
+ fqdn = dns.name.from_text(self.fqdn)
+ if not fqdn.is_subdomain(domain):
+ root_logger.debug("IPA FQDN '%s' is not located in default domain '%s'",
+ fqdn, domain)
+ server_domain = fqdn.parent().to_unicode(omit_final_dot=True)
+ root_logger.debug("Domain '%s' needs additional mapping in krb5.conf",
+ server_domain)
dr_map = " .%(domain)s = %(realm)s\n %(domain)s = %(realm)s\n" \
% dict(domain=server_domain, realm=self.realm)
+ else:
+ dr_map = ""
self.sub_dict['OTHER_DOMAIN_REALM_MAPS'] = dr_map
def __configure_sasl_mappings(self):
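Review bot: `server_domain` is produced with `to_unicode()` in the new `if not fqdn.is_subdomain(domain):` branch, so for an internationalised host name the value interpolated into `OTHER_DOMAIN_REALM_MAPS` would be the decoded Unicode form, not the ASCII form that the host name is normally compared in; `server_domain = fqdn.parent().to_text(omit_final_dot=True)` keeps the mapping in ASCII. Separately, `dns.name.from_text()` raises on malformed names (empty or over-long labels) and `parent()` raises `dns.name.NoParent` for the root name, and nothing visible in this hunk catches either, so the installer would stop with a traceback unless `self.fqdn` and `self.domain` are validated earlier, which cannot be confirmed from here. A one-line comment such as `# fqdn/domain are validated by the installer before this point` would record that assumption. The two debug calls now log `dns.name.Name` objects, which presumably print with a trailing dot, unlike the old messages. The enclosing method starts outside the hunk.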