internet/ansible-freeipa
4
0
Fork 0
mirror of https://github.com/freeipa/ansible-freeipa.git synced 2026-05-07 05:43:26 +00:00
Code Issues Projects Releases Wiki Activity

ipaclient: Fix krb5 DNS lookup and servers

Browse Source 
The krb5 DNS lookup settings krb5_dns_lookup_realm and krb5_dns_lookup_kdc
ans also the servers have not been set properly set if no server has been
specified and discovery succeeded. This has been fixed.

This fixes issue #23.
This commit is contained in:
Thomas Woerner
2018-05-18 14:17:30 +02:00
parent a4b2401e4f
commit 3e9568e39e
1 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
roles/ipaclient/tasks/install.yml
View File

@@ -168,10 +168,10 @@
include_role:
name: krb5
vars:
krb5_servers: "{{ [ ] if ipadiscovery.dnsok else ipadiscovery.servers }}"
krb5_servers: "{{ ipadiscovery.servers if not ipadiscovery.dnsok or not ipadiscovery.kdc else [ ] }}"
krb5_realm: "{{ ipadiscovery.realm }}"
krb5_dns_lookup_realm: "{{ 'true' if ipadiscovery.dnsok else 'false' }}"
krb5_dns_lookup_kdc: "{{ 'true' if ipadiscovery.dnsok else 'false' }}"
krb5_dns_lookup_realm: "{{ 'false' if not ipadiscovery.dnsok or not ipadiscovery.kdc else 'true' }}"
krb5_dns_lookup_kdc: "{{ 'false' if not ipadiscovery.dnsok or not ipadiscovery.kdc else 'true' }}"
krb5_no_default_domain: "{{ 'true' if ipadiscovery.domain != ipadiscovery.client_domain else 'false' }}"
krb5_pkinit_anchors: "FILE:/etc/ipa/ca.crt"
when: not ipaclient_on_master | bool and ipadiscovery.ipa_python_version <= 40400
@@ -180,10 +180,10 @@
include_role:
name: krb5
vars:
krb5_servers: "{{ [ ] if ipadiscovery.dnsok else ipadiscovery.servers }}"
krb5_servers: "{{ ipadiscovery.servers if not ipadiscovery.dnsok or not ipadiscovery.kdc else [ ] }}"
krb5_realm: "{{ ipadiscovery.realm }}"
krb5_dns_lookup_realm: "{{ 'true' if ipadiscovery.dnsok else 'false' }}"
krb5_dns_lookup_kdc: "{{ 'true' if ipadiscovery.dnsok else 'false' }}"
krb5_dns_lookup_realm: "{{ 'false' if not ipadiscovery.dnsok or not ipadiscovery.kdc else 'true' }}"
krb5_dns_lookup_kdc: "{{ 'false' if not ipadiscovery.dnsok or not ipadiscovery.kdc else 'true' }}"
krb5_no_default_domain: "{{ 'true' if ipadiscovery.domain != ipadiscovery.client_domain else 'false' }}"
krb5_dns_canonicalize_hostname: "false"
krb5_pkinit_pool: "FILE:/var/lib/ipa-client/pki/ca-bundle.pem"