RFE: ipa client should setup openldap for GSSAPI

The IPA client installer currently edits /etc/openldap/ldap.conf, setting up
the client to consume LDAP data from IPA.  It currently sets:
URI
BASE
TLS_CACERT

This PR makes ipa-client to add this AV pair:
SASL_MECH GSSAPI

Resolves: https://pagure.io/freeipa/issue/7366
Reviewed-By: Christian Heimes <[email protected]>
Reviewed-By: Florence Blanc-Renaud <[email protected]>

1 files changed, 12 insertions, 2 deletions

diff --git a/ipaclient/install/client.py b/ipaclient/install/client.py
index 2d3cdf088..0526833dd 100644
--- a/ipaclient/install/client.py
+++ b/ipaclient/install/client.py
@@ -522,8 +522,12 @@ def configure_openldap_conf(fstore, cli_basedn, cli_server):
         {
             'name': 'comment',
             'type': 'comment',
-            'value': '   URI, BASE and TLS_CACERT have been added if they '
-                     'were not set.'
+            'value': '   URI, BASE, TLS_CACERT and SASL_MECH'
+        },
+        {
+            'name': 'comment',
+            'type': 'comment',
+            'value': '   have been added if they were not set.'
         },
         {
             'name': 'comment',
@@ -573,6 +577,12 @@ def configure_openldap_conf(fstore, cli_basedn, cli_server):
             'type': 'option',
             'value': paths.IPA_CA_CRT
         },
+        {
+            'action': 'addifnotset',
+            'name': 'SASL_MECH',
+            'type': 'option',
+            'value': 'GSSAPI'
+        },
     ]
 
     target_fname = paths.OPENLDAP_LDAP_CONF