[Freeipa-devel] [PATCH] 273 join a host to an IPA domain

Jason Gerard DeRose jderose at redhat.com
Thu Sep 24 23:58:25 UTC 2009


ack.  pushed to master.

This patch was missing a "BuildRequires: xmlrpc-c-devel", which I fixed
in my attached patch.  I pushed it to master under 1-line rule.

On Mon, 2009-09-14 at 17:07 -0400, Rob Crittenden wrote:
> NOTE, this patch replaces a previous patch to do the same thing. I fixed 
> a few problems Simo pointed out and re-based it against the current master.
> 
> This largish patch adds host enrollment. There are several scenarios 
> that are covered. All of these assume that the IPA client machine has 
> already been set up (ipa-client-install):
> 
> 1. Full admin enrollment. This will create the host entry, a host/ 
> service principal and a keytab for that principal in /etc/krb5.keytab.
> 
> 2. Junior admin enrollment. There are lots of levels of delegation 
> possible here, but at a minimum they would be able to enroll an existing 
> host by creating the service principal and keytab. Additional rights 
> such as adding a host could be added as well.
> 
> 3. Bulk enrollment. If a host entry is pre-created by another admin and 
> it contains an enrollment password (in the userPassword attribute) then 
> an LDAP-based enrollment can take place. The client binds as the host 
> and generates a keytab for itself.
> 
> One really significant change is I've switched to openldap as the LDAP 
> client. Doing SSL with mozldap would have required a significant amount 
> more code (because we can't assume there is already an NSS db lying 
> around that trusts the IPA CA).
> 
> I didn't completely disable the mozldap option but by default things 
> will build with openldap now.
> 
> This also adds a first pass at Get Effective Rights support. This is so 
> we can know in advance if an operation would succeed and makes things 
> generally nicer.
> 
> rob
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jderose-018-BuildRequires-xmlrpc-c-devel.patch
Type: text/x-patch
Size: 705 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20090924/4b4ff885/attachment.bin>

