As admin , I want/suggest. that ipa-server-install validates that hostname and domain are not the same. Or that hostname fqdn is part of domain name.
I installed ipa via:
ipa-server-install ... --setup-dns --domain sub.example.com --hostname sub.example.com
It's my mistake to wright the wrong hostname. But the installer is successful. It has created the DNS domain sub.example.com. But also has tried to add its own host name to this domain. But this has the same name as the domain. so it has add dns A record with empty string. This gives invalid records and breaks ui of the web interface.
You could argue that problem is in the part that added records. But i think the best solution is to validate when installing that hostname is not equal to domain. It might also be a idee to validate if hostaname fqdn is part of the domain. But this might break existing setups.
install with ipa-server-install ... --setup-dns --domain c --hostname sub.example.com
It's a Rhel 8.4 system $ rpm -q freeipa-server freeipa-client ipa-server ipa-client 389-ds-base pki-ca krb5-server
package freeipa-server is not installed package freeipa-client is not installed ipa-server-4.9.2-4.module+el8.4.0+11156+94d209c1.x86_64 ipa-client-4.9.2-4.module+el8.4.0+11156+94d209c1.x86_64 389-ds-base-1.4.3.16-19.module+el8.4.0+11894+f5bb5c43.x86_64 pki-ca-10.10.5-3.module+el8.4.0+11039+635979e4.noarch krb5-server-1.18.2-8.el8.x86_6
If you are interested, i could make pull request If its clear we agree on the solution
Checking that IPA server hostname != IPA domain can be done, I think it is a good suggestion.
In general, IPA server hostname can be anything, even outside of IPA domain. This often happens if you are intending to bootstrap a particular configuration that will be grafted into an existing environment later.
Metadata Update from @rcritten: - Issue assigned to rcritten
PR https://github.com/freeipa/freeipa/pull/6853
master:
ipa-4-9:
ipa-4-10:
Metadata Update from @frenaud: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.