Bug 961316

Summary: "realm discover" not properly restricting returned results when "--server-software=freeipa" is used against an AD server
Product: [Fedora] Fedora Reporter: yelley
Component: realmdAssignee: Stef Walter <stefw>
Status: CLOSED NOTABUG QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 19CC: jhrozek, jrieden, stefw, yelley
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-05-09 14:58:00 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 959458    

Description yelley 2013-05-09 12:02:15 UTC 
Description of problem:
"realm discover" does not properly restrict returned results when "--server-software=free-ipa" is used against an AD server (in realm FOO.COM)

Version-Release number of selected component (if applicable):
realmd-0.14.0-1

Steps to Reproduce:
$ realm discover -v --server-software=free-ipa FOO.COM
foo.com
  type: kerberos
  realm-name: FOO.COM
  domain-name: foo.com
  configured: kerberos-member
  server-software: active-directory
  client-software: sssd
  required-package: sssd-tools
  required-package: sssd
  required-package: adcli
  required-package: samba-common
  login-formats: FOO\%U
  login-policy: allow-realm-logins

Expected results:
No results should be returned (b/c we are restricting results to be for realms that support free-ipa server software - which AD doesn't).
Comment 1 yelley 2013-05-09 12:08:30 UTC 
I noticed I previously used "free-ipa" instead of the correct value of "freeipa". However, I am still seeing the same problem when using "freeipa", although I no longer see the login-policy field. There is also some extra initial output.

$ realm discover -v --server-software=freeipa FOO.COM
 * Resolving: _ldap._tcp.dc._msdcs.foo.com
 * Sending MS-CLDAP ping to: 10.16.189.20
 * Successfully discovered: foo.com
foo.com
  type: kerberos
  realm-name: FOO.COM
  domain-name: foo.com
  configured: kerberos-member
  server-software: active-directory
  client-software: sssd
  required-package: sssd-tools
  required-package: sssd
  required-package: adcli
  required-package: samba-common
  login-formats: FOO\%U
Comment 2 yelley 2013-05-09 14:58:00 UTC 
It turns out that my environment was messed up. After fixing my environment, I am no longer seeing this bug. Sorry about that. This bug can be closed.