author | Rob Crittenden <rcritten@redhat.com> | 2013-02-04 09:35:13 -0500 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2013-02-07 16:49:31 -0500 |
commit | cbb262dc07ea0615068a630e6c7136e3200d5a06 (patch) | |
tree | 6e05af130a32f8715558e8b4b1082da5f522f8e9 /ipa-client/ipa-install/ipa-client-automount | |
parent | 076775a0f8c9ee0d17b1ed9356f1a8429fc47443 (diff) | |
Add LDAP server fallback to client installer
Change the discovery code to validate all servers, regardless of where
they originated (either via SRV records or --server). This will prevent
the client installer from failing if one of those records points to a
server that is either not running or is not an IPA server.
If a server is not available it is not removed from the list of configured
servers, simply moved to the end of the list.
If a server is not an IPA server it is removed.
https://fedorahosted.org/freeipa/ticket/3388
Diffstat (limited to 'ipa-client/ipa-install/ipa-client-automount')
-rwxr-xr-x | ipa-client/ipa-install/ipa-client-automount | 33 |
1 files changed, 18 insertions, 15 deletions
diff --git a/ipa-client/ipa-install/ipa-client-automount b/ipa-client/ipa-install/ipa-client-automount
index fd922b8a9..3952642b4 100755
--- a/ipa-client/ipa-install/ipa-client-automount
+++ b/ipa-client/ipa-install/ipa-client-automount
@@ -384,30 +384,33 @@ def main():
 sys.exit('automount is already configured on this system.\n')
 autodiscover = False
- server = options.server
+ servers = []
 ds = ipadiscovery.IPADiscovery()
- if not server:
+ if not options.server:
 print "Searching for IPA server..."
 ret = ds.search()
 root_logger.debug('Executing DNS discovery')
 if ret == ipadiscovery.NO_LDAP_SERVER:
 root_logger.debug('Autodiscovery did not find LDAP server')
- if not server:
- s = urlparse.urlsplit(api.env.xmlrpc_uri)
- server = s.netloc
- root_logger.debug('Setting server to %s' % s.netloc)
+ s = urlparse.urlsplit(api.env.xmlrpc_uri)
+ server = [s.netloc]
+ root_logger.debug('Setting server to %s' % s.netloc)
 else:
 autodiscover = True
- server = ds.getServerName()
- if not server:
+ if not ds.servers:
 sys.exit('Autodiscovery was successful but didn\'t return a server')
- root_logger.debug('Autodiscovery success, setting server to %s' % server)
-
- # Now confirm that our server is an IPA server
- root_logger.debug("Verifying that %s is an IPA server" % server)
- ldapret = ds.ipacheckldap(server, api.env.realm)
- if ldapret[0] != 0:
- sys.exit('Unable to confirm that %s is an IPA v2 server' % server)
+ root_logger.debug('Autodiscovery success, possible servers %s' % ','.join(ds.servers))
+ server = ds.servers[0]
+ else:
+ server = options.server
+ root_logger.debug("Verifying that %s is an IPA server" % server)
+ ldapret = ds.ipacheckldap(server, api.env.realm)
+ if ldapret[0] == ipadiscovery.NO_ACCESS_TO_LDAP:
+ print "Anonymous access to the LDAP server is disabled."
+ print "Proceeding without strict verification."
+ print "Note: This is not an error if anonymous access has been explicitly restricted."
+ elif ldapret[0] != 0:
+ sys.exit('Unable to confirm that %s is an IPA server' % server)
 if not autodiscover:
 print "IPA server: %s" % server |
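Review bot: In the `NO_LDAP_SERVER` fallback the new line `server = [s.netloc]` binds a one-element list to `server`, while every other branch binds a string and the new `servers = []` is never used in this hunk, so the later `"IPA server: %s" % server` would print a list repr. It should probably be `server = s.netloc`, or the list should be stored in `servers`. Separately, the `NO_ACCESS_TO_LDAP` branch fails open: the installer carries on with a host whose IPA identity was not confirmed and reports that only with `print`, so an unattended run leaves no trace in the log; adding `root_logger.warning('Could not verify that %s is an IPA server: anonymous LDAP access is disabled' % server)` would keep the downgrade auditable. Indentation is lost on this page, so which branches actually reach the `ipacheckldap` call is inferred, and `main()` continues outside the hunk.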