RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1658287 - ipa-advise command points to old URL's.
Summary: ipa-advise command points to old URL's.
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: ipa
Version: 8.0
Hardware: All
OS: Linux
unspecified
medium
Target Milestone: rc
: 8.0
Assignee: IPA Maintainers
QA Contact: Kaleem
URL:
Whiteboard:
Depends On: 1638545
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-12-11 17:00 UTC by Thomas Woerner
Modified: 2019-06-14 01:19 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1638545
Environment:
Last Closed: 2019-06-14 01:19:23 UTC
Type: Bug
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Comment 2 Varun Mylaraiah 2019-01-10 12:31:49 UTC 
Verified
ipa-server-4.7.1-7.module+el8+2555+b334d87b.x86_64

Now ipa-advise command points to the working URL "https://pagure.io/authconfig/raw/master/f/cacertdir_rehash"

Console Output:
===============
 ipa-advise config-generic-linux-sssd-before-1-9
#!/bin/sh
# ----------------------------------------------------------------------
# Instructions for configuring a system with an old version of SSSD
# (1.5-1.8) as a IPA client. This set of instructions is targeted for
# linux systems that do not include the authconfig utility.
# ----------------------------------------------------------------------
# Schema Compatibility plugin has not been configured on this server. To
# configure it, run "ipa-adtrust-install --enable-compat"
# Install required packages using your system's package manager. E.g:
apt-get -y install sssd curl openssl

# Please note that this script assumes /etc/openldap/cacerts as the
# default CA certificate location. If this value is different on your
# system the script needs to be modified accordingly.
# Download the CA certificate of the IPA server
mkdir -p -m 755 /etc/openldap/cacerts
curl http://kvm-02-guest11.testrelm0901a.test/ipa/config/ca.crt -o /etc/openldap/cacerts/ipa.crt

# Generate hashes for the openldap library
command -v cacertdir_rehash
if [ $? -ne 0 ] ; then
 curl "https://pagure.io/authconfig/raw/master/f/cacertdir_rehash" -o cacertdir_rehash ;
 chmod 755 ./cacertdir_rehash ;
 ./cacertdir_rehash /etc/openldap/cacerts/ ;
else
 cacertdir_rehash /etc/openldap/cacerts/ ;
fi

# Configure ldap.conf. Set the value of TLS_CACERTDIR to
# /etc/openldap/cacerts. Make sure that the location of ldap.conf file
# matches your system's configuration.
echo "TLS_CACERTDIR /etc/openldap/cacerts" >> /etc/ldap/ldap.conf

# Configure nsswitch.conf. Append sss to the lines beginning with passwd
# and group.
grep "^passwd.*sss" /etc/nsswitch.conf
if [ $? -ne 0 ] ; then sed -i '/^passwd/s|$| sss|' /etc/nsswitch.conf ; fi
grep "^group.*sss" /etc/nsswitch.conf
if [ $? -ne 0 ] ; then sed -i '/^group/s|$| sss|' /etc/nsswitch.conf ; fi

# Configure PAM. Configuring the PAM stack differs on particular
# distributions. The resulting PAM stack should look like this:
cat > /etc/pam.conf << EOF 
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        sufficient    pam_sss.so use_first_pass
auth        required      pam_deny.so

account     required      pam_unix.so broken_shadow
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     [default=bad success=ok user_unknown=ignore] pam_sss.so
account     required      pam_permit.so

password    requisite     pam_cracklib.so try_first_pass retry=3 type=
password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password    sufficient    pam_sss.so use_authtok
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so
session     optional      pam_sss.so

EOF

# Configure SSSD
cat > /etc/sssd/sssd.conf << EOF 
[sssd]
services = nss, pam
config_file_version = 2
domains = default
re_expression = (?P<name>.+)

[domain/default]
cache_credentials = True
id_provider = ldap
auth_provider = ldap
ldap_uri = ldap://kvm-02-guest11.testrelm0901a.test
ldap_search_base = cn=compat,dc=testrelm0901a,dc=test
ldap_tls_cacert = /etc/openldap/cacerts/ipa.crt

EOF
chmod 0600 /etc/sssd/sssd.conf

# Start SSSD
service sssd start



Based on the above observation, marking the bug VERIFIED
Note You need to log in before you can comment on or make changes to this bug.