Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1497334
Please note that this Bug is private and may not be accessible as it contains confidential Red Hat customer information.
Description of problem: An administrator is able to run ipa-server-install successfully with a domain name like 'thefederation' and an IPA server name 'theenterprise.thefederation' This is not allowed based on the pre-requisites below, but ipa-server-install succeeds and leads to broken IPA functionality https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/installing-ipa.html#dns-reqs >> Per email discussion on idm mailing list. The reason we did not I think was that in the early times (pre-Ad trust) it was still not a good idea, but most things would work still. We definitely need to prevent new installs, we can't break existing installs though, so we'll always need to allow "bad names" with some "force" option so we can reproduce issues with the old setups if needed. Version-Release number of selected component (if applicable): ipa-server-4.5 How reproducible: ipa-server was installed successfully with this broken configuration
Metadata Update from @pvoborni: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1497334
Metadata Update from @mreznik: - Issue set to the milestone: FreeIPA 4.7 (was: FreeIPA 4.8)
master:
Metadata Update from @mreznik: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
ipa-4-6: - https://pagure.io/freeipa/c/020dc379d42d83b5325a00154b931f467cf7e8c6
ipa-4-6:
Log in to comment on this ticket.