From 609f12c4fc9f84dc3ac37bae345eddf78b025c69 Mon Sep 17 00:00:00 2001
From: Thomas Woerner <twoerner@redhat.com>
Date: Fri, 15 Sep 2017 12:52:05 +0200
Subject: [PATCH] roles/ipaclient/tasks/install.yml: Set default principal if
 not set

If use_otp is not enabled, then the principal will be set to "admin" after
the discovery has been done. If use_otp is enabled, then the principal will
be set to "admin" after the join has been done - as admin will not match
with the otp.
---
 roles/ipaclient/tasks/install.yml | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/roles/ipaclient/tasks/install.yml b/roles/ipaclient/tasks/install.yml
index 360b5536..0d07a4d5 100644
--- a/roles/ipaclient/tasks/install.yml
+++ b/roles/ipaclient/tasks/install.yml
@@ -16,6 +16,11 @@
     check: yes
   register: ipadiscovery
 
+- name: Install - Set default principal if no keytab is given and no OTP usage
+  set_fact:
+    ipaclient_principal: admin
+  when: ipaclient_principal is undefined and ipaclient_keytab is undefined and not ipaclient_use_otp | bool
+
 # The following block is executed when using OTP to enroll IPA client
 # ie when ipaclient_use_otp is set.
 # It connects to ipaserver and add the host with --random option in order
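Review bot: The task "Install - Set default principal if no keytab is given and no OTP usage" silently falls back to the `admin` principal, and nothing in the task tells the person running the role that this happens. Enrolling with the administrator account by default is more privilege than host enrollment needs, so the fallback deserves a comment such as `# Falls back to the IPA admin account; set ipaclient_principal to a less privileged enrollment account where possible`. The `when` expression would also read better as a list of three conditions, which Ansible ANDs together, instead of one long line. `ipaclient_use_otp | bool` presumably relies on a role default defined outside this hunk, since an undefined variable there would fail the condition. The task in the second hunk has the same fallback and the same single-line condition.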
@@ -125,6 +130,11 @@
     #debug: yes
   register: ipaapi
 
+- name: Install - Set default principal after OTP usage
+  set_fact:
+    ipaclient_principal: admin
+  when: ipaclient_principal is undefined and ipaclient_keytab is undefined and ipaclient_use_otp | bool
+
 - name: Install - Create IPA NSS database
   ipanss:
     servers: "{{ ipadiscovery.servers }}"
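Review bot: The description says the OTP-case default is applied after the join, but this task sits directly after the task that registers `ipaapi` and before "Install - Create IPA NSS database". The join itself is not visible in this hunk, so the placement should be checked against the rest of install.yml. Because the task differs from the earlier one only by the missing `not`, its position carries the whole intent, and a comment would keep a later reorder from breaking it, for example `# Must stay after the OTP host-add: a principal set earlier would not match the OTP` (wording to be confirmed by the author). The `ipanss` task that follows continues outside the hunk.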
-- 
GitLab