This ticket is a follow-up to #2815. As root user privileges are required to run ipa-dns-install, we do not need to require the Directory Manager password to do the changes in LDAP, but we could simply use autobind.
We should also audit other local management tools, like ipa-nis-manage or ipa-compat-manage, and check if they really need to use the DM password. In most cases, autobind when run as root would make using them more convenient.
Detailed discussion can be found on freeipa-devel list in the following message:
Changing 3.2 priority
Metadata Update from @mkosek:
- Issue assigned to rcritten
- Issue set to the milestone: Future Releases