[Freeipa-devel] [PATCH] 0004 (2) Make proper LDAP configuration reporting for ipa-cli-install

Rob Crittenden rcritten at redhat.com
Fri Jul 29 15:09:24 UTC 2011


Martin Kosek wrote:
> On Fri, 2011-07-29 at 15:59 +0300, Alexander Bokovoy wrote:
>> On 29.07.2011 14:13, Martin Kosek wrote:
>>> On Fri, 2011-07-29 at 13:09 +0300, Alexander Bokovoy wrote:
>>>> Hi,
>>>>
>>>> another attempt to refine error/configuration reporting when configuring
>>>> means to access LDAP on a client. Previous one tried to use rpm to find
>>>> out package name but this approach is avoiding package names. Instead,
>>>> it tries to tell configuration file.
>>>>
>>>> Ticket https://fedorahosted.org/freeipa/ticket/1369
>>>
>>> NACK.
>>>
>>> 1) Return info from LDAP config functions gets overwritten:
>>>
>>> if not options.sssd:
>>>          (retcode, conf, filename) = configure_ldap_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server, dnsok, options)
>>>          if retcode:
>>>              return 1
>>>          (retcode, conf, filename) = configure_nslcd_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server, dnsok, options)
>>>          if retcode:
>>>              return 1
>>>
>>> Only one function will do the real configuration, in my case it was the
>>> configure_ldap_conf (nslcd was not installed). Due to the overwrite, my
>>> ipa-client-install reported invalid information:
>> Yes, fixed.
>>
>>> # ipa-client-install --server=vm-059.idm.lab.bos.redhat.com --domain=idm.lab.bos.redhat.com --no-sssd
>>> ...
>>> LDAP enabled
>>> Kerberos 5 enabled
>>> NSLCD configured using configuration file /etc/nslcd.conf<<<<
>>> Unable to use DNS discovery! Recognized configuration: NSLCD
>>> Changing configuration of /etc/ldap.conf to use hardcoded server name: vm-059.idm.lab.bos.redhat.com
>>> NTP enabled
>>> Client configuration complete.
>>>
>>> We need to indicate in the return triple that the service was not
>>> configured so that we output correct information.
>> I did this now by returning None: return (0, None, None).
>>
>>> 2) Returning tuple instead of triple (will raise exception when used):
>>>
>>> -            return 1
>>> +            return (1, 'nslcd')
>>>
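Review bot: the added `return (1, 'nslcd')` has two elements, while the call sites quoted earlier in this message unpack three (`(retcode, conf, filename) = configure_nslcd_conf(...)`), so this error path fails on unpacking before `if retcode:` is reached. Return a three-element value here, for example `return (1, 'NSLCD', None)`, which also matches the upper-case name used in the other return statements.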
>>> Plus, NSLCD is referred in upper case in other return statements.
>> Fixed.
>>
>> Version 3 attached.
>
> Getting closer, but still not there (although I really like your "for
> configurer in ..." construct):
>
> # ipa-client-install --server=vm-059.idm.lab.bos.redhat.com --domain=idm.lab.bos.redhat.com --no-sssd
> ...
> LDAP enabled
> Kerberos 5 enabled
> LDAP configured using configuration file /etc/ldap.conf
> Unable to use DNS discovery! Recognized configuration: None<<<<<<<<
> Changing configuration of /etc/ldap.conf to use hardcoded server name: vm-059.idm.lab.bos.redhat.com
> NTP enabled
> Client configuration complete.
>
> Martin

Backtrace on sssd-based install:

# ipa-client-install --server=panther.greyoak.com --domain=greyoak.com --realm=GREYOAK.COM -p admin
DNS domain 'greyoak.com' is not configured for automatic KDC address lookup.
KDC address will be set to fixed value.

Discovery was successful!
Hostname: slinky.greyoak.com
Realm: GREYOAK.COM
DNS Domain: greyoak.com
IPA Server: panther.greyoak.com
BaseDN: dc=greyoak,dc=com


Continue to configure the system with these values? [no]: y
Password for admin@GREYOAK.COM:

Enrolled in IPA realm GREYOAK.COM
Created /etc/ipa/default.conf
Configured /etc/sssd/sssd.conf
Configured /etc/krb5.conf for IPA realm GREYOAK.COM
SSSD enabled
Kerberos 5 enabled
Traceback (most recent call last):
   File "/usr/sbin/ipa-client-install", line 1079, in <module>
     sys.exit(main())
   File "/usr/sbin/ipa-client-install", line 1054, in main
     print "Unable to use DNS discovery! Recognized configuration: %s" % (conf)
UnboundLocalError: local variable 'conf' referenced before assignment
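
The three symptoms reported in this thread (a later configurer overwriting the result, `None` being reported, and `conf` being unbound on the SSSD path) all concern one reporting variable. The following Python 3 code is an added example, not the ipa-client-install source: the simplified function signatures, the `installed` set and the choice to report `SSSD` on the SSSD path are assumptions made for illustration.

```python
# Added illustration (Python 3). Names and signatures are constructed
# stand-ins, not the real ipa-client-install functions.

def configure_ldap_conf(installed):
    # Convention from the thread: always return (retcode, conf, filename);
    # (0, None, None) means "nothing was configured by this function".
    if "ldap" not in installed:
        return (0, None, None)
    return (0, "LDAP", "/etc/ldap.conf")

def configure_nslcd_conf(installed):
    if "nslcd" not in installed:
        return (0, None, None)
    return (0, "NSLCD", "/etc/nslcd.conf")

def configure_client(use_sssd, installed, dnsok):
    """Return (exit_code, report_lines) for one simulated run."""
    lines = []
    # Bind before branching so no path can reach the report with 'conf' unbound.
    conf, filename = None, None
    if use_sssd:
        # Assumption: the SSSD path reports itself as the recognized configuration.
        conf, filename = "SSSD", "/etc/sssd/sssd.conf"
        lines.append("SSSD enabled")
    else:
        for configurer in (configure_ldap_conf, configure_nslcd_conf):
            retcode, c, f = configurer(installed)
            if retcode:
                return retcode, lines
            if c is None:
                continue  # skipped: must not overwrite an earlier real result
            lines.append("%s configured using configuration file %s" % (c, f))
            if conf is None:
                conf, filename = c, f  # keep the first configurer that did work
    if not dnsok:
        lines.append(
            "Unable to use DNS discovery! Recognized configuration: %s" % conf)
    return 0, lines
```
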



