Bug 1167994

Summary: OS-X Configuration Profile Builder for OSX Enrollment
Product: [Fedora] Fedora Reporter: Brian Topping <topping>
Component: freeipaAssignee: IPA Maintainers <ipa-maint>
Status: CLOSED DEFERRED QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: unspecified    
Version: rawhideCC: abokovoy, ipa-maint, mkosek, pviktori, pvoborni, rcritten, ssorce
Target Milestone: ---   
Target Release: ---   
Hardware: i686   
OS: Mac OS   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-12-19 09:16:45 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Brian Topping 2014-11-25 20:03:05 UTC 
Description of problem:

FreeIPA is looking great in recent versions. Servers add smoothly, Linux clients as well. How about OS-X? Is it reasonable to create a "profile generator" for Macs? http://linsec.ca/Using_FreeIPA_for_User_Authentication#Mac_OS_X_10.7.2F10.8%20%22Linsec.ca%20tutorial%20for%20connecting%20Mac%20OS%2010.7%20to%20IPA%20Server demonstrates that it's rather mechanical, but there are a lot of details to cover. http://support.apple.com/kb/PH14274 covers some of the capabilities of configuration profiles.

Expected results:

Adding a machine in the FreeIPA "hosts" UI could allow a configuration profile to be generated. When installed on the target Mac, the machine would be ready to use on the network. Encapsulating the settings like this also means the Mac user should be able to uninstall the configuration by existing means. This maps well to the "ipa-client-install" paradigm that exists for Linux.

Apologies if this is the wrong place to file this kind of thing.
Comment 1 Alexander Bokovoy 2014-11-25 20:08:33 UTC 
Hi Brian,

you are welcome to contribute a plugin to 'ipa-advise' tool. These plugins can easily inspect content of IPA database and generate scripts that could be run on the client side.

You can see how we implemented existing plugins in https://git.fedorahosted.org/cgit/freeipa.git/tree/ipaserver/advise/

For example, legacy clients plugin implements a variety of configurations for Linux and FreeBSD systems:
https://git.fedorahosted.org/cgit/freeipa.git/tree/ipaserver/advise/plugins/legacy_clients.py
Comment 2 Martin Kosek 2014-12-16 11:34:09 UTC 
I will create an upstream ticket for this request. Note that we would still like to encourage you (or anyone else from the OS-X community) to contribute the mentioned ipa-advise plugin if you want to speed things up.
Comment 3 Martin Kosek 2014-12-16 11:34:59 UTC 
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/4813
Comment 4 Martin Kosek 2014-12-19 09:16:45 UTC 
The issue is now tracked in upstream Trac as an RFE. We would like to encourage all OS-X users to help us with this use case as we probably won't be able to tackle it ourselves any time soon. Until then, I am closing this bug.