freeipa

Clone
Source Code
GIT

#4932 ipa-client-install: warn if IP address is used with --server option
Closed: Fixed None Opened 9 years ago by pvoborni.

Closed: Fixed
Reopen Issue

Based on bz 1197674

ipa-client-install is not able to succeed if IP address is provided because:

  • in unattended mode without --force option it is not able to download CA cert from LDAP
  • with it, it fails on ipa-join because a FQDN is required for --server option. It fails with error:
    libcurl failed to execute the HTTP POST transaction, explaining: Unable to communicate securely with peer: requested domain name does not match the server's certificate.

In theory it is possible to have a hostname which consists only of numbers but it's not recommended and probably very rare.

Therefore ipa-client-install should print a warning message if IP address is used.

Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=1197674 (Fedora)

an alternative may be to use reverse dns lookup to get the server name but I would rather print the warning/error

stretch goal in 4.2 backlog

We should at least print the validation error to make sure admin does not use IP address.

master:

  • 592e437 ipa-client-install: warn when IP used in --server

ipa-4-2:

  • d55e10f ipa-client-install: warn when IP used in --server

Metadata Update from @pvoborni:
- Issue assigned to stlaz
- Issue set to the milestone: FreeIPA 4.2.1
7 years ago

Login to comment on this ticket.

Metadata
None
None
None
normal
None
None
None
None
defect
None
None
Installation
None
1
None
None
mbasti
None
https://bugzilla.redhat.com/show_bug.cgi?id=1197674
None
None
None
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.