From 8955e9f236ea9ca3ccfd32cb17c6b4baf9d492a2 Mon Sep 17 00:00:00 2001
From: Martin Kosek <mkosek@redhat.com>
Date: Wed, 6 Nov 2013 10:14:40 +0100
Subject: [PATCH] Server does not detect different server and IPA domain
Server installer does not properly recognize a situation when server
fqdn is not in a subdomain of the IPA domain, but shares the same
suffix.
For example, if server FQDN is ipa-idm.example.com and domain
is idm.example.com, server's FQDN is not in the main domain, but
installer does not recognize that. Proper Kerberos realm-domain
mapping is not created in this case and server does not work
(httpd reports gssapi errors).
https://fedorahosted.org/freeipa/ticket/4012
---
ipaserver/install/krbinstance.py | 18 +++++++++++-------
1 file changed, 11 insertions(+), 7 deletions(-)
diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py
index a16e4d5f0cb3b70c6c69aac3251785ef3e8fa7f2..98687a4002cd7b19faea03acc552759e962d8832 100644
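--- a/ipaserver/install/krbinstance.py
+++ b/ipaserver/install/krbinstance.py
@@ -24,6 +24,7 @@
 import os
 import pwd
 import socket
+import dns.name
 
 import service
 import installutils
@@ -237,15 +238,18 @@ def __setup_sub_dict(self):
 
 # IPA server/KDC is not a subdomain of default domain
 # Proper domain-realm mapping needs to be specified
- dr_map = ''
- if not self.fqdn.endswith(self.domain):
- root_logger.debug("IPA FQDN '%s' is not located in default domain '%s'" \
- % (self.fqdn, self.domain))
- server_host, dot, server_domain = self.fqdn.partition('.')
- root_logger.debug("Domain '%s' needs additional mapping in krb5.conf" \
- % server_domain)
+ domain = dns.name.from_text(self.domain)
+ fqdn = dns.name.from_text(self.fqdn)
+ if not fqdn.is_subdomain(domain):
+ root_logger.debug("IPA FQDN '%s' is not located in default domain '%s'",
+ fqdn, domain)
+ server_domain = fqdn.parent().to_unicode(omit_final_dot=True)
+ root_logger.debug("Domain '%s' needs additional mapping in krb5.conf",
+ server_domain)
 dr_map = " .%(domain)s = %(realm)s\n %(domain)s = %(realm)s\n" \
 % dict(domain=server_domain, realm=self.realm)
+ else:
+ dr_map = ""
 self.sub_dict['OTHER_DOMAIN_REALM_MAPS'] = dr_map
 
 def __configure_sasl_mappings(self):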
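Review bot: `fqdn.parent()` in the second hunk assumes the server FQDN has at least two labels; for a single-label name the parent is the DNS root, so `server_domain` would likely render as `.` and yield a meaningless `domain_realm` entry in krb5.conf. If nothing earlier in the installer already rejects such names (not visible here), a guard before the mapping is built would make the assumption explicit. Separately, `to_unicode()` decodes IDNA labels, so a punycode domain would be written to krb5.conf in its Unicode form, which may not match the ASCII host names Kerberos uses for the realm lookup; `server_domain = fqdn.parent().to_text(omit_final_dot=True)` keeps the wire form. `__setup_sub_dict` starts outside the hunk, so any earlier validation of `self.fqdn` and `self.domain` cannot be checked from this page.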
--
1.8.3.1