Add --fixed-primary flag to control the order of ipa_server in
sssd.conf. When set, the discovered (or passed) server will be set first
rather than _srv_. The default is to have _srv_ set first.
rob
>From 1c6b016e6815020077778bf202523e132336f214 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcrit...@redhat.com>
Date: Mon, 11 Jun 2012 15:43:04 -0400
Subject: [PATCH] Add flag to ipa-client-install to manage order of
ipa_server in sssd
The --fixed-primary flag determines the order of the ipa_server directive.
When set, the IPA server discovered (or passed in via --server or via
user-input) will be listed first. Otherwise _srv_ is listed first.
https://fedorahosted.org/freeipa/ticket/2282
---
ipa-client/ipa-install/ipa-client-install | 7 ++++++-
ipa-client/man/ipa-client-install.1 | 5 ++++-
2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index afc332a99757039679f9e4dfd1bdc63b376e6c6e..d67d0b6ccc2fcc8a6a66d03d4d341da7baa8e3ed 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -67,6 +67,8 @@ def parse_options():
basic_group.add_option("--domain", dest="domain", help="domain name")
basic_group.add_option("--server", dest="server", help="IPA server")
basic_group.add_option("--realm", dest="realm_name", help="realm name")
+ basic_group.add_option("--fixed-primary", dest="primary", action="store_true",
+ default=False, help="Configure sssd to use fixed server as primary IPA server")
basic_group.add_option("-p", "--principal", dest="principal",
help="principal to use to join the IPA realm"),
basic_group.add_option("-w", "--password", dest="password", sensitive=True,
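Review bot: the new option stores into dest="primary", a name that reads ambiguously when it is later tested as options.primary in configure_sssd_conf(), far from this definition. Consider dest="fixed_primary" so the boolean matches the flag name, and add the missing article in the help string ("use a fixed server") so it agrees with the man page wording.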
@@ -753,7 +755,10 @@ def configure_sssd_conf(fstore, cli_realm, cli_domain, cli_server, options, clie
domain.set_option('dns_discovery_domain', cli_domain)
if not options.on_master:
- domain.set_option('ipa_server', '_srv_, %s' % cli_server)
+ if options.primary:
+ domain.set_option('ipa_server', '%s, _srv_' % cli_server)
+ else:
+ domain.set_option('ipa_server', '_srv_, %s' % cli_server)
else:
# the master should only use itself for Kerberos
domain.set_option('ipa_server', cli_server)
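Review bot: in the "if not options.on_master" branch the two set_option('ipa_server', ...) calls differ only in the order of the two entries, which makes the ordering decision easy to miss and easy to get out of sync later. Consider choosing the order once into a list and joining it with ', ' before a single set_option call. Also, when options.on_master is true the flag is silently ignored; only cli_server is written there, so it is harmless, but a short comment would show that this is intentional.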
diff --git a/ipa-client/man/ipa-client-install.1 b/ipa-client/man/ipa-client-install.1
index cf3db2e682febe70fe1e616dbe8b17529d09e973..304c5d9810d839021c2b7db78145d351d61420ee 100644
--- a/ipa-client/man/ipa-client-install.1
+++ b/ipa-client/man/ipa-client-install.1
@@ -33,7 +33,7 @@ This same tool is used to unconfigure IPA and attemps to return the machine to i
.SS "HOSTNAME REQUIREMENTS"
Client must use a \fBstatic hostname\fR. If the machine hostname changes for example due to a dynamic hostname assignment by a DHCP server, client enrollment to IPA server breaks and user then would not be able to perform Kerberos authentication.
---hostname option may be used to specify a static hostname that is set in machine system configuration and persist over reboot.
+\-\-hostname option may be used to specify a static hostname that is set in machine system configuration and persist over reboot.
.SH "OPTIONS"
.SS "BASIC OPTIONS"
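Review bot: the \-\-hostname escaping fix in the HOSTNAME REQUIREMENTS paragraph is unrelated to --fixed-primary and is not mentioned in the commit message. Either mention it in the message or split it into its own patch; if it stays, consider wrapping the option in \fB...\fR as the entries under BASIC OPTIONS do.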
@@ -47,6 +47,9 @@ Set the IPA server to connect to
\fB\-\-realm\fR=\fIREALM_NAME\fR
Set the IPA realm name to REALM_NAME
.TP
+\fB\-\-fixed\-primary\fR
+Configure sssd to use a fixed server as the primary IPA server. The default is to use DNS SRV records to determine the primary server to use and fall back to the server the client is enrolled with.
+.TP
\fB\-p\fR, \fB\-\-principal\fR
Authorized kerberos principal to use to join the IPA realm.
.TP
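Review bot: the new \-\-fixed\-primary entry describes only the default behaviour and does not say what happens to SRV discovery when the flag is given. The code change writes '%s, _srv_', so servers found through DNS SRV records are still used after the fixed one; say so here so administrators do not assume the flag disables discovery.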
--
1.7.10.1
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel