This ticket is a follow-up to #2815. As root user privileges are required to run ipa-dns-install, we do not need to require the Directory Manager password to do the changes in LDAP, but we could simply use autobind.
We should also audit other local management tools, like ipa-nis-manage or ipa-compat-manage, and check if they really need to use the DM password. In most cases, autobind when run as root would make using them more convenient.
Detailed discussion can be found on the freeipa-devel list in the following message:
http://www.redhat.com/archives/freeipa-devel/2012-July/msg00350.html
Changing 3.2 priority
master:
ipa-4-1:
Metadata Update from @mkosek: - Issue assigned to rcritten - Issue set to the milestone: Future Releases