From 8cdf6a3dd64d36f40a9107dad2ab2d9a470f58b5 Mon Sep 17 00:00:00 2001
From: amitkuma <amitkuma@redhat.com>
Date: Tue, 16 Jan 2018 17:34:08 +0530
Subject: [PATCH] RFE: ipa client should setup openldap for GSSAPI

The IPA client installer currently edits /etc/openldap/ldap.conf, setting up
the client to consume LDAP data from IPA.  It currently sets:
URI
BASE
TLS_CACERT

This PR makes ipa-client to add this AV pair:
SASL_MECH GSSAPI

Resolves: https://pagure.io/freeipa/issue/7366
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
---
 ipaclient/install/client.py | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/ipaclient/install/client.py b/ipaclient/install/client.py
index babebfc667c5a096fb2e0238de444ffa3ce62b77..ca404ab80fd1586e7098950545a343fa6812ca39 100644
--- a/ipaclient/install/client.py
+++ b/ipaclient/install/client.py
@@ -523,8 +523,12 @@ def configure_openldap_conf(fstore, cli_basedn, cli_server):
         {
             'name': 'comment',
             'type': 'comment',
-            'value': '   URI, BASE and TLS_CACERT have been added if they '
-                     'were not set.'
+            'value': '   URI, BASE, TLS_CACERT and SASL_MECH'
+        },
+        {
+            'name': 'comment',
+            'type': 'comment',
+            'value': '   have been added if they were not set.'
         },
         {
             'name': 'comment',
@@ -575,6 +579,12 @@ def configure_openldap_conf(fstore, cli_basedn, cli_server):
             'type': 'option',
             'value': paths.IPA_CA_CRT
         },
+        {
+            'action': 'addifnotset',
+            'name': 'SASL_MECH',
+            'type': 'option',
+            'value': 'GSSAPI'
+        },
     ]
 
     target_fname = paths.OPENLDAP_LDAP_CONF
-- 
2.20.1