#7345 ipaclient: DNS autodiscovery is broken
Opened a year ago by pilou. Modified 8 months ago


Since some default values have been removed, DNS autodiscovery is broken

Fix: https://github.com/freeipa/freeipa/pull/1430

Steps to Reproduce

  1. Fetch FreeIPA Ansible dynamic inventory
  2. Fetch a Kerberos ticket using kinit
  3. In FreeIPA client configuration defines domain but not xmlrpc_uri nor jsonrpc_uri:
$ cat /etc/ipa/default.conf
domain = ipa.test
  1. Execute inventory: $ ./freeipa.py --list

Actual behavior

An exception occurs:

$ ./freeipa.py --list
Traceback (most recent call last):
  File "./ansible/contrib/inventory/freeipa.py", line 95, in <module>
    api = initialize()
  File "./ansible/contrib/inventory/freeipa.py", line 18, in initialize
  File "local/lib/python2.7/site-packages/ipalib/plugable.py", line 738, in finalize
  File "local/lib/python2.7/site-packages/ipalib/plugable.py", line 425, in __do_if_not_done
    getattr(self, name)()
  File "local/lib/python2.7/site-packages/ipalib/plugable.py", line 618, in load_plugins
    for package in self.packages:
  File "local/lib/python2.7/site-packages/ipalib/__init__.py", line 949, in packages
  File "local/lib/python2.7/site-packages/ipaclient/remote_plugins/__init__.py", line 120, in get_package
    server_info = ServerInfo(api)
  File "local/lib/python2.7/site-packages/ipaclient/remote_plugins/__init__.py", line 26, in __init__
    hostname = DNSName(api.env.server).ToASCII()
AttributeError: 'Env' object has no attribute 'server'

Expected behavior

Same behavior as 4.5.0:

$ cat /etc/ipa/default.conf
domain = ipa.test
$ ./freeipa.py --list
 "_meta": {
  "hostvars": {
   "replica.ipa.test": {}, 
   "server.ipa.test": {}
 "debian-servers": {
  "hosts": [
 "ipaservers": {
  "hosts": [


$ pip list|grep ipa
ipaclient (4.6.2)
ipalib (4.6.2)
ipaplatform (4.6.2)
ipapython (4.6.2)

The IPA API doesn't do DNS discovery like this. One value is required.

With ipaclient/ipalib 4.5.0, having only domain parameter defined in global section works well.

Isn' that https://pagure.io/freeipa/blob/master/f/ipalib/rpc.py#_875 "DNS discovery" ?

With both 4.5.X and 4.6.X, call to api._remote_plugins raise an AttributeError exception. Since 4.6.X doesn't have a default value for xmlrpc_uri nor jsonrpc_uri, api.env.server isn't set. Then another AttributeError exception is raised in ServerInfo constructor.

More than just the API uses these values, certmonger for example still requires xmlrpc_uri to be set.

I think for your use-case, this separate tool, is probably valid.

I'm concerned what might happen on an IPA client if default.conf is configured in this way.

Metadata Update from @rcritten:
- Issue priority set to: normal
- Issue set to the milestone: FreeIPA 4.7

a year ago

Metadata Update from @rcritten:
- Issue set to the milestone: FreeIPA 4.7.1 (was: FreeIPA 4.7)

11 months ago

FreeIPA 4.7 has been released, moving to FreeIPA 4.7.1 milestone

Metadata Update from @rcritten:
- Issue set to the milestone: FreeIPA 4.7.2 (was: FreeIPA 4.7.1)

8 months ago

FreeIPA 4.7.1 has been released, moving to FreeIPA 4.7.2 milestone

Login to comment on this ticket.