Bug 1399606

Summary: ipa-client-install uses an hardcoded account name to test configuration
Product: Red Hat Enterprise Linux 7 Reporter: Silvio Wanka <Silvio.Wanka>
Component: ipaAssignee: IPA Maintainers <ipa-maint>
Status: CLOSED DUPLICATE QA Contact: Kaleem <ksiddiqu>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.2CC: pvoborni, rcritten
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-12-09 17:19:44 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Silvio Wanka 2016-11-29 12:04:23 UTC 
Description of problem:
It is a recommended way to don't use the default Administrator names. So I have changed this user. If I join a new computer to the IdM domain I specify this new name as "User authorized to enroll computers" and its password. The join works but always with an error message: "Unable to reliably detect configuration. Check NSS setup manually." and it will also call hardcode_ldap_server() which is not necessary because the test is wrong. So please use in /sbin/ipa-client-install line 2991 principal instead "admin@%s" if principal is set or find another way to test without hardcoded user names.

Version-Release number of selected component (if applicable):
ipa-client-4.2.0-15.el7_2.17.x86_64
Comment 2 Rob Crittenden 2016-11-29 14:48:05 UTC 
Agreed, if a principal is provided for binding then that user should be used in the getent call.

This is just a sanity check to ensure that sssd is up and running and can identify users. The admin user is the only one created by IPA by default which is why it is currently hardcoded.

In any case this isn't considered a hard failure which is why the installation continues.
Comment 3 Petr Vobornik 2016-12-09 17:19:44 UTC 
Upstream: https://fedorahosted.org/freeipa/ticket/5406

Existing bz: bug 1274488

This may be fixed upstream in 4.5 development but no guarantees.

*** This bug has been marked as a duplicate of bug 1274488 ***