ipaserver_use_short_names

README.md

@@ -208,4 +208,10 @@ Set up a sufficient number of servers to serve your clients
 Set up a sufficient number of Certificate Authority (CA) replicas
     Only replicas with the CA role installed can replicate certificate data. If you use the IdM CA, ensure your environment has at least two CA replicas with certificate replication agreements between them. 
 Set up a maximum of 60 replicas in a single IdM domain
-    Red Hat supports environments with up to 60 replicas. 
+    Red Hat supports environments with up to 60 replicas.
+
+### Set Domain resolution order for clients globally
+Seperate domains with colon
+```shell
+ipa config-mod --domain-resolution-order='idm.ad.test:ad.test'
+```

default.config.yml

@@ -1,5 +1,5 @@
 ---
-numberof_ipa_replicas: 5
+numberof_ipa_replicas: 3
 numberof_ipa_clients: 1
 
 ipa_realm: IDM.AD.TEST
@@ -9,9 +9,9 @@ ipa_server_name: ipa
 ipa_server_fqdn: '{{ ipa_server_name }}.{{ ipa_domain }}'
 ipa_server_ip_address: 192.168.68.11
 ipa_server_gateway: 192.168.68.254
-#ipa_replica_name: rep
-#ipa_replica_ip_address: 192.168.68.12
 ipa_client_krb5_fix: true
+# Use Short Names to Resolve and Authenticate Users/Groups
+ipaserver_use_short_names: true
 ipa_client_set_default_domain: false
 
 ad_realm: AD.TEST

provisioning/ipaserver/playbook.yml

@@ -65,10 +65,8 @@
       servicecat: all
       state: present
 
-  - name: Add DNS records for ipa clients
-    ipadnsrecord:
+  - name: Use short names to resolve and authenticate users/groups by setting domain resolution order globally
+    ipaconfig:
       ipaadmin_password: '{{ ipaadmin_password }}'
-      zone_name: idm.ad.test
-      name: rep
-      a_rec:
-        - 192.168.68.12
+      domain_resolution_order: '{{ ipa_domain }}:{{ ad_domain }}'
+    when: ipaserver_use_short_names | bool