summaryrefslogtreecommitdiffstats
path: root/client/ipa-join.c
Commit message (Collapse)AuthorAgeFilesLines
* Enable LDAP debug output in client to display TLS errors in joinRob Crittenden2018-10-121-29/+35
| | | | | | | | | | | | | | | | | | If ipa-join fails due to a TLS connection error when doing an LDAP-based enroll then nothing is logged by default except an Invalid Password error which is misleading (because the failure occurs during the bind). The only way that debugging would have been sufficient is if the user passed --debug to ipa-client-install which is not great. This log level is otherwise very quiet and only logs one or two lines on errors which is perfect. https://pagure.io/freeipa/issue/7728 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-By: Christian Heimes <cheimes@redhat.com>
* Retrieve certificate subject base directly instead of ipa-joinRob Crittenden2018-08-291-88/+4
| | | | | | | | | | | | | | | | | | | | | The subject base is used as a fallback to find the available CA certificates during client enrollment if the LDAP connection fails (e.g. due to new client connecting to very old server) and for constructing the subject if a certificate is requested. raw=True is passed to config-show in order to avoid parsing the server roles which will fail because the services aren't marked as enabled until after the client installation is successful on a master. ipa-join providing the subject base via stderr was fragile and would cause client enrollment to fail if any other output was included in stderr. https://pagure.io/freeipa/issue/7674 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-By: Christian Heimes <cheimes@redhat.com>
* Apply sane LDAP settings to C codeChristian Heimes2018-05-291-26/+9
| | | | | | | | | Common LDAP code from ipa-getkeytab and ipa-join are moved to libutil.a. The common ipa_ldap_init() and ipa_tls_ssl_init() set the same options as ldap_initialize() Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
* ipa-rmkeytab, ipa-join: don't fail if init of gettext failedMartin Basti2016-06-271-1/+1
| | | | | | | | | | If locale setting was incorect, gettext failed to initialize and scripts failed. this commit replaces error exit with warning message. (Better to have untranslated output than fail) https://fedorahosted.org/freeipa/ticket/5973 Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Split ipa-client/ into ipaclient/ (Python library) and client/ (C, scripts)Petr Viktorin2016-01-271-0/+1161
Make ipaclient a Python library like ipapython, ipalib, etc. Use setup.py instead of autotools for installing it. Move C client tools, Python scripts, and man pages, to client/. Remove old, empty or outdated, boilerplate files (NEWS, README, AUTHORS). Remove /setup-client.py (ipalib/setup.py should be used instead). Update Makefiles and the spec file accordingly. https://fedorahosted.org/freeipa/ticket/5638 Reviewed-By: Jan Cholasta <jcholast@redhat.com>