#6049 Disallow new installations with REALM != primary DNS domain
Closed: wontfix 5 years ago by rcritten. Opened 7 years ago by pspacek.

Support for REALM != primary DNS domain is problematic. Given that AD is enforing REALM == DNS domain I think we can do the same and simplify things.

Problems:

  • REALM and/or domain is impossible to change so if initial installation was done with REALM != domain the user is doomed when it later comes to AD trusts
  • it is constantly causing problems with IPA domain auto-discovery
  • it breaks in various corner cases
  • it is not well tested

For all these reasons I would forbid new installations with REALM != primary DNS domain. IMHO it will reduce support costs in long term.


This is one of the claimed differentiators. I am not sure we should remove this functionality. IMO we should warn of the implications rather than disable it completely.

Metadata Update from @pspacek:
- Issue assigned to someone
- Issue set to the milestone: FreeIPA 4.5 backlog

7 years ago

Thank you taking time to submit this request for FreeIPA. Unfortunately this bug was not given priority and the team lacks the capacity to work on it at this time.

Given that we are unable to fulfil this request I am closing the issue as wontfix. To request re-consideration of this decision please reopen this issue and provide additional technical details about its importance to you.

Metadata Update from @rcritten:
- Issue close_status updated to: wontfix
- Issue status updated to: Closed (was: Open)

5 years ago

Login to comment on this ticket.

Metadata