Keep in mind that when you use RHEL, features that aren’t available (due to supported
versions restrictions) should probably not be hacked/bypassed because that would probably
void your support just as well.
If you want something unsupported you might as well use something else (Fedora, CentOS),
but at that point you can also install newer versions and then you don’t need to hack
around anymore.
Regarding your docker issue; IPA expects more than just a file and a config directory, you
can check the source code for ipaclient, the cli and the modules it imports, you’ll see a
large amount of checks it’s using to find out if the install is OK and working.
If you just want to use a few specific things, you are probably better off using the REST
API and writing a normal localised client yourself. For authentication you can then use
username+password or a kerberos keytab.
I would not recommend using a docker container that impersonates the host it’s running on,
but then I’d also not recommend enrolling every docker instance that ever gets started. I
think a similar question was asked on this list a few weeks ago, have you checked the
recent archives?
John
On 5 Jun 2019, at 09:46, Dmitry Perets via FreeIPA-users
<freeipa-users(a)lists.fedorahosted.org> wrote:
Hi,
Could you please help me configuring ipa tool inside the docker container which is not
enrolled?
I have a parent Linux VM that is enrolled in FreeIPA. On top of it I run a docker
container, and I mount the entire /etc/ipa and /etc/krb5.conf (both in read-only mode).
My goal is just to be able to use ipa tools, like "ipa vault-*". No need for
remote user login and other FreeIPA functionality.
I thought that having /etc/ipa/default.conf and /etc/ipa/ca.crt would be enough for ipa
tool to work.
But currently, within the container, ipa says it is not configured:
# ipa
IPA client is not configured on this system
What exactly is it looking for...?
Thanks!
P.S. ipa-client version is 4.6.4. I see that there are plans for zero-config ipa tool,
but in later versions... unfortunately, 4.6.4 is what is currently packaged into RHEL7.6
that we are using...
---
Regards,
Dmitry Perets
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://getfedora.org/code-of-conduct.html
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...