#7207 ipa-server-install should prevent installations with single label domains
Closed: fixed 7 years ago Opened 7 years ago by pvoborni.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1497334

Please note that this Bug is private and may not be accessible as it contains confidential Red Hat customer information.

Description of problem:
An administrator is able to run ipa-server-install successfully with a domain name like 'thefederation' and an IPA server name 'theenterprise.thefederation'.

This is not allowed based on the pre-requisites below, but ipa-server-install succeeds and leads to broken IPA functionality.

 https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/installing-ipa.html#dns-reqs

>> Per email discussion on idm mailing list.

The reason we did not, I think, was that in the early times (pre-AD trust) it was still not a good idea, but most things would work still.

We definitely need to prevent new installs, we can't break existing installs though, so we'll always need to allow "bad names" with some "force" option so we can reproduce issues with the old setups if needed.

Version-Release number of selected component (if applicable):
ipa-server-4.5

How reproducible:
 ipa-server was installed successfully with this broken configuration

Metadata Update from @pvoborni:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1497334

7 years ago

Metadata Update from @mreznik:
- Issue set to the milestone: FreeIPA 4.7 (was: FreeIPA 4.8)

7 years ago

master:

  • 905ab93 Prevent installation with single label domains

Metadata Update from @mreznik:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

7 years ago

ipa-4-6:

  • 8ae6c1a check for single-label domains only during server install
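
A sketch of the kind of install-time check this ticket asks for, added here as an illustration; it is not FreeIPA's code and not taken from the commits above. The function names, the letters-digits-hyphen label rule and the `allow_single_label` override (standing in for the "force" option mentioned in the description) are assumptions.

```python
import re

# Assumed label rule: letters, digits, hyphens; 1-63 chars; no leading or
# trailing hyphen. Used with fullmatch() so embedded newlines cannot slip by.
_LABEL_RE = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def split_domain_labels(domain):
    """Return the labels of `domain`, ignoring one trailing root dot."""
    name = domain.strip()
    if name.endswith("."):
        name = name[:-1]
    if not name or len(name) > 253:
        raise ValueError("domain name is empty or longer than 253 characters")
    labels = name.split(".")
    for label in labels:
        if not _LABEL_RE.fullmatch(label):
            raise ValueError("invalid DNS label: %r" % label)
    return labels


def check_install_domain(domain, allow_single_label=False):
    """Validate a domain for a new install; return it normalized to lowercase.

    allow_single_label is a hypothetical override for reproducing issues
    seen on existing single-label deployments.
    """
    labels = split_domain_labels(domain)
    if len(labels) < 2 and not allow_single_label:
        raise ValueError("single label domains are not supported: %r" % domain)
    return ".".join(labels).lower()


if __name__ == "__main__":
    # Constructed inputs; 'thefederation' is the name from the description.
    for candidate in ("thefederation", "thefederation.", "example.test", "bad..name"):
        try:
            print(candidate, "->", check_install_domain(candidate))
        except ValueError as err:
            print(candidate, "-> rejected:", err)
```

A trailing root dot does not add a label, so 'thefederation.' is rejected the same way as 'thefederation'.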
