Currently ipa-getkeytab supports only two bind methods: simple bind using ldaps://$server, or GSSAPI bind to ldap://$server, which precludes the use of this command as a universal interface to request service keytabs in various contexts (e.g. installers).
It would be nice if other bind methods, like LDAPI autobind, are supported. For this we propose to extend the utility as follows:
-s, -D, -w options will be kept for backward compatibility
-H <LDAP_URI> option will be added to specify the full LDAP URI. By default the URI will be constructed from the retrieved server name, as is done now. Specifying this option precludes use of -s.
-Y <MECH> to specify SASL bind mechanism (EXTERNAL, GSSAPI, etc.)
Exact options/behavior are of course open to discussion, but this nicely mirrors the interface of openldap client utilities.
moving to 4.5 because it will simplify installer refactoring
master:
Test fix:
Metadata Update from @mbabinsk: - Issue assigned to mbabinsk - Issue set to the milestone: FreeIPA 4.5