#3455 [RFE] Allow IPA commands to skip domain name validation check
Closed: wontfix 5 years ago Opened 11 years ago by akrivoka.

Introduce --force option to all IPA commands that perform domain name validation. When the --force option is passed, the command should skip the domain name validation check, and allow the operation even if the domain name is not valid.


To clarify a bit: the purpose of this RFE is to allow user to force addition of an invalid domain, by bypassing the domain validation check. We want to allow user to force this by specifying the --force switch when issuing the command. This switch should be added to all the commands that perform domain name validation check. Some of them already have the --force option enabled, but it does not necessarily work in the way that we want. E.g. the host-add command does not allow the user to add an invalid domain, even with the --force option set:

[akrivoka@vm-062 ~]$ ipa host-add ffff --force
ipa: ERROR: invalid 'hostname': invalid domain-name: not fully qualified
[akrivoka@vm-062 ~]$

To conclude, we should ensure that all the ipa commands that deal with addition/modification of a dns domain:

  • Have the --force option
  • Specifying --force allows to bypass the dns validation check

There are two check types:

  • Syntax checks

    • Name doesn't contain two or more successive dots (i.e. empty label)
    • Name doesn't start with dot
    • etc.
  • Semantic checks

    • FQDN is expected
    • Name is expected to (not/)exist
    • etc.

The --force option should disable semantic checks, i.e. allow non-FQDN where we expect FQDN and so on, but syntax checks should be enabled all the time.

I.e. ipa host-add host --force should be allowed but ipa host-add h..ost --force should NOT be allowed.

Metadata Update from @akrivoka:
- Issue assigned to someone
- Issue set to the milestone: Future Releases

7 years ago

Thank you taking time to submit this request for FreeIPA. Unfortunately this bug was not given priority and the team lacks the capacity to work on it at this time.

Given that we are unable to fulfil this request I am closing the issue as wontfix. To request re-consideration of this decision please reopen this issue and provide additional technical details about its importance to you.

Metadata Update from @rcritten:
- Issue close_status updated to: wontfix
- Issue status updated to: Closed (was: Open)

5 years ago

Login to comment on this ticket.

Metadata