diff options
| author | Rob Crittenden <rcritten@redhat.com> | 2013-02-04 09:35:13 -0500 |
|---|---|---|
| committer | Rob Crittenden <rcritten@redhat.com> | 2013-02-07 16:49:31 -0500 |
| commit | cbb262dc07ea0615068a630e6c7136e3200d5a06 (patch) | |
| tree | 6e05af130a32f8715558e8b4b1082da5f522f8e9 /ipa-client/ipa-install/ipa-client-install | |
| parent | 076775a0f8c9ee0d17b1ed9356f1a8429fc47443 (diff) | |
| download | freeipa-cbb262dc07ea0615068a630e6c7136e3200d5a06.tar.gz freeipa-cbb262dc07ea0615068a630e6c7136e3200d5a06.tar.xz freeipa-cbb262dc07ea0615068a630e6c7136e3200d5a06.zip | |
Add LDAP server fallback to client installer
Change the discovery code to validate all servers, regardless of where
the originated (either via SRV records or --server). This will prevent
the client installer from failing if one of those records points to a
server that is either not running or is not an IPA server.
If a server is not available it is not removed from the list of configured
servers, simply moved to the end of the list.
If a server is not an IPA server it is removed.
https://fedorahosted.org/freeipa/ticket/3388
Diffstat (limited to 'ipa-client/ipa-install/ipa-client-install')
| -rwxr-xr-x | ipa-client/ipa-install/ipa-client-install | 22 |
1 files changed, 5 insertions, 17 deletions
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install index 024b94f46..2d32e28ec 100755 --- a/ipa-client/ipa-install/ipa-client-install +++ b/ipa-client/ipa-install/ipa-client-install @@ -1705,9 +1705,7 @@ def install(options, env, fstore, statestore): # Create the discovery instance ds = ipadiscovery.IPADiscovery() - # Do discovery on the first server passed in, we'll do sanity checking - # on any others - ret = ds.search(domain=options.domain, server=options.server, hostname=hostname, ca_cert_path=get_cert_path(options.ca_cert_file)) + ret = ds.search(domain=options.domain, servers=options.server, hostname=hostname, ca_cert_path=get_cert_path(options.ca_cert_file)) if ret == ipadiscovery.BAD_HOST_CONFIG: root_logger.error("Can't get the fully qualified name of this host") @@ -1744,7 +1742,7 @@ def install(options, env, fstore, statestore): cli_domain_source = 'Provided interactively' root_logger.debug( "will use interactively provided domain: %s", cli_domain) - ret = ds.search(domain=cli_domain, server=options.server, hostname=hostname, ca_cert_path=get_cert_path(options.ca_cert_file)) + ret = ds.search(domain=cli_domain, servers=options.server, hostname=hostname, ca_cert_path=get_cert_path(options.ca_cert_file)) if not cli_domain: if ds.domain: @@ -1768,7 +1766,7 @@ def install(options, env, fstore, statestore): cli_server = [user_input("Provide your IPA server name (ex: ipa.example.com)", allow_empty = False)] cli_server_source = 'Provided interactively' root_logger.debug("will use interactively provided server: %s", cli_server[0]) - ret = ds.search(domain=cli_domain, server=cli_server, hostname=hostname, ca_cert_path=get_cert_path(options.ca_cert_file)) + ret = ds.search(domain=cli_domain, servers=cli_server, hostname=hostname, ca_cert_path=get_cert_path(options.ca_cert_file)) else: # Only set dnsok to True if we were not passed in one or more servers @@ -1785,11 +1783,11 @@ def install(options, env, fstore, statestore): if not cli_server: if options.server: - cli_server = options.server + cli_server = ds.servers cli_server_source = 'Provided as option' root_logger.debug("will use provided server: %s", ', '.join(options.server)) elif ds.server: - cli_server = [ds.server] + cli_server = ds.servers cli_server_source = ds.server_source root_logger.debug("will use discovered server: %s", cli_server[0]) @@ -1860,16 +1858,6 @@ def install(options, env, fstore, statestore): root_logger.debug("will use discovered basedn: %s", cli_basedn) subject_base = DN(('O', cli_realm)) - # Now do a sanity check on the other servers - if options.server and len(options.server) > 1: - for server in options.server[1:]: - ret = ds.search(domain=cli_domain, server=server, hostname=hostname, ca_cert_path=get_cert_path(options.ca_cert_file)) - if ret == ipadiscovery.NOT_IPA_SERVER: - root_logger.error("%s is not an IPA v2 Server.", server) - print_port_conf_info() - root_logger.debug("(%s: %s)", server, cli_server_source) - return CLIENT_INSTALL_ERROR - root_logger.info("Hostname: %s", hostname) root_logger.debug("Hostname source: %s", hostname_source) root_logger.info("Realm: %s", cli_realm) |