Bug 810987

Summary: AIX client documentation order clarification.
Product: [Fedora] Fedora Reporter: Jason Balicki <jebalicki>
Component: freeipaAssignee: Rob Crittenden <rcritten>
Status: CLOSED UPSTREAM QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 16CC: abokovoy, dpal, extras-orphan, jgalipea, mkosek, notting, rcritten, ssorce
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 810990 (view as bug list) Environment:
Last Closed: 2012-05-03 10:53:44 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 810990    

Description Jason Balicki 2012-04-09 19:37:27 UTC 
Description of problem:

Step 3 of the AIX client installation documentation states:

"Configure the LDAP client settings to use the IPA directory services:
# mksecldap -c -h ipaserver.example.com -d cn=accounts,dc=example,dc=com -a uid=nss,cn=sysaccounts,cn=etc,dc=example,dc=com -p secret"

However, this user is not created on the ipa server until step 11 h:

"On the IPA server, add a user that is only used for authentication. (This can be substituted with krb5 authentication if that works from the LDAP client). Otherwise go to the IPA server and use ldapmodify, bind as Directory Manager and create this user. The user should be assigned a shared password.
ldapmodify -D "cn=directory manager" -w secret -p 389 -h ipaserver.example.com -x -a

dn: uid=nss,cn=sysaccounts,cn=etc,dc=example,dc=com
objectClass: account
objectClass: simplesecurityobject
objectClass: top
uid: nss
userPassword: secretpassword"

If a user follows these instructions in this order then the mksecldap command will fail.

Step 11 h should be moved to step 3 a, and the existing step 3 should be moved to step 3 b.
Comment 1 Martin Kosek 2012-04-23 11:27:51 UTC 
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/2666
Comment 2 Martin Kosek 2012-05-03 10:53:44 UTC 
The steps have been reordered:

http://docs.fedoraproject.org/en-US/Fedora/16/html/FreeIPA_Guide/Configuring_an_IPA_Client_on_AIX.html#Configuring_an_IPA_Client_on_AIX-Configuring_Client_Authentication

Closing the bug.