ipa-client discovery with anonymous access off

When RootDSE could be read (nsslapd-allow-anonymous-access set to "rootdse"), autodiscovery module failed to report success to the client installer. Remove faulty "verified_servers" flag from autodiscovery module as it has no point since we consider both scenarios (IPA server with anonymous access on and unknown LDAP server with anonymous access off) as success. https://fedorahosted.org/freeipa/ticket/3519
author: Martin Kosek <mkosek@redhat.com> 2013-03-19 08:57:18 +0100
committer: Martin Kosek <mkosek@redhat.com> 2013-03-20 09:22:10 +0100
commit: be54d1deb5e40945e4ead5b34d9acde88c1e8264 (patch)
tree: 7a3aab25927cd478bf240ef8ffcd6c23528bc686 /ipa-client/ipaclient
parent: 6c85b88874d099a909c5662a6a32c045439e0b2c (diff)
download: freeipa-be54d1deb5e40945e4ead5b34d9acde88c1e8264.tar.gz
freeipa-be54d1deb5e40945e4ead5b34d9acde88c1e8264.tar.xz
freeipa-be54d1deb5e40945e4ead5b34d9acde88c1e8264.zip
1 files changed, 1 insertions, 5 deletions
diff --git a/ipa-client/ipaclient/ipadiscovery.py b/ipa-client/ipaclient/ipadiscovery.py
index 9a58b9678..ab35cea8c 100644
--- a/ipa-client/ipaclient/ipadiscovery.py
+++ b/ipa-client/ipaclient/ipadiscovery.py
@@ -234,7 +234,6 @@ class IPADiscovery(object):
         ldapaccess = True
         root_logger.debug("[LDAP server check]")
         valid_servers = []
-        verified_servers = False # is at least one server valid?
         for server in servers:
             root_logger.debug('Verifying that %s (realm %s) is an IPA server',
                 server, self.realm)
@@ -249,7 +248,6 @@ class IPADiscovery(object):
                 valid_servers.append(server)
                 # verified, we actually talked to the remote server and it
                 # is definetely an IPA server
-                verified_servers = True
                 if autodiscovered:
                     # No need to keep verifying servers if we discovered them
                     # via DNS
@@ -285,14 +283,12 @@ class IPADiscovery(object):
             self.realm_source = 'Assumed same as domain'
             root_logger.debug(
                 "Assuming realm is the same as domain: %s", self.realm)
-            verified_servers = True
 
         if not ldapaccess and self.basedn is None:
             # Generate suffix from realm
             self.basedn = realm_to_suffix(self.realm)
             self.basedn_source = 'Generated from Kerberos realm'
             root_logger.debug("Generated basedn from realm: %s" % self.basedn)
-            verified_servers = True
 
         root_logger.debug(
             "Discovery result: %s; server=%s, domain=%s, kdc=%s, basedn=%s",
@@ -304,7 +300,7 @@ class IPADiscovery(object):
 
         # If we have any servers left then override the last return value
         # to indicate success.
-        if verified_servers:
+        if valid_servers:
             self.server = servers[0]
             ldapret[0] = 0
author	Martin Kosek <mkosek@redhat.com>	2013-03-19 08:57:18 +0100
committer	Martin Kosek <mkosek@redhat.com>	2013-03-20 09:22:10 +0100
commit	be54d1deb5e40945e4ead5b34d9acde88c1e8264 (patch)
tree	7a3aab25927cd478bf240ef8ffcd6c23528bc686 /ipa-client/ipaclient
parent	6c85b88874d099a909c5662a6a32c045439e0b2c (diff)
download	freeipa-be54d1deb5e40945e4ead5b34d9acde88c1e8264.tar.gz freeipa-be54d1deb5e40945e4ead5b34d9acde88c1e8264.tar.xz freeipa-be54d1deb5e40945e4ead5b34d9acde88c1e8264.zip