On 12/04/2015 08:22 PM, Rob Crittenden wrote: > Martin Kosek wrote: >> On 12/04/2015 07:17 PM, Tomas Babej wrote: >>> Hi, >>> >>> Avoids failing in the later stages during the ipa-client-install >>> command. >>> >>> Tomas >> >> Is this change needed? Wouldn't it be better to update >> ipa-client-install or ipa-replica-install to not require the --domain >> option? I would hope that --domain can be figured out during >> installation and not passed to ipa-replica-install manually by the admin. >> >> I just think that calling >> # ipa-replica-install --server=master.example.com >> is better than >> # ipa-replica-install --server=master.example.com --domain example.com >> if possible. > > IIRC this is for service discovery when using a specific server and not > LDAP. This is the domain used to search for the kerberos realm, for > example. > > That isn't to say this isn't discoverable but it would require another > function in discovery to query what the IPA domain is from the given > master but it gets tricky if anonymous search is disabled, for example. > > rob >
Needed or not, this is the behaviour that ipa-client-install has now. Adding a domain detection method would be a RFE for ipa-client-install (and imho not something we should be adding at this point). This patch only focuses on making the ipa-replica-install work more smoothly. Tomas -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
