On 07/04/2012 12:12 AM, Rob Crittenden wrote:
> If you pass in --server and --fixed-primary then don't add _srv_ to ipa_server
> in sssd.conf.
>
> This necessitates the desire to be able to provide multiple servers so make
> --server accept multiple values. This represents the bulk of the code changes.
> In every case we only use the additional values in sssd.conf.
>
> I also made some minor tweaks to discovery. There were cases where DNS
> discovery wasn't successful but we set dnsok anyway which could cause some
> cascading issues.
>
> There are a ton of possible corner cases with this so please, be brutal.
>
> I tested the following against a DNS server that had SRV records and against
> one that did not.
>
> - ipa-client-install
> - ipa-client-install --server=ipa.example.com --domain=example.com
> - ipa-client-install --server=ipa.example.com --server=ipa1.example.com
> --domain-example.com
> - ipa-client-install -server=ipa.example.com --server=ipa1.example.com
> --domain-example.com --fixed-primary
> - ipa-client-install -server=ipa.example.com --server=ipa1.example.com
> --domain-example.com --fixed-primary --no-sssd
> - ipa-client-install -server=ipa.example.com --server=ipa1.example.com
> --domain-example.com --no-sssd
>
> rob

I did various checks; generally the patch behaves OK, and I did not find any major bug. I have just 2 questions/suggestions:

1) Since we allow more fixed servers to be passed as --server parameter, we could name them all in /etc/krb5.conf in "kdc" and "admin_server" options when DNS is not OK instead of writing just the first one in the list. Kerberos tools then should be able to fall back when some of them are not available.

2) When DNS discovery is not OK, we still add _srv_ to ipa_server option in sssd.conf. Is it intentional?

Martin