kanidm: Don't set default domain_name `example.com`
Continuing https://github.com/kanidm/kanidm/pull/617#issuecomment-978373115 here.
As I already laid out, I think it’s an unintuitive situation that domain_name is currently set to example.com at first startup and then must be changed by the user. A server that is configured with example.com is unusable for every situation (except in integration tests), but pretends to be in a state where everything is configured properly.
From a user side the ideal solution imo would be:
When no domain_name is set yet, the server quickly fails, communicating what needs to be done to the user.
```
$ kanidmd server
Creating db...
There is currently no domain_name set. Run `kanidmd domain_name_change` to set one. Also see the docs here blabla
```
Also it would be nice to have kanidmd domain_name_change create the db at startup if it doesn’t exist yet, so it would be optional to run kanidmd server first.
About this issue
- State: closed
- Created 3 years ago
- Reactions: 3
- Comments: 17 (14 by maintainers)
You’re welcome! Looking forward to integrating kanidm into my everyday setup 😃
Okay, I’m working on a PR for this now. @erictapen and @Flakebi thank you both for your extreme patience as we discussed this, there are going to be some nice changes in the end here I think 😃
Hi, just wanted to stop by to mention that changing the domain name would be simpler if `domain_name_change` would not require the `origin` from the old domain to work, so that updating the config and then calling `domain_name_change` would work.
It’s possible to extract the current domain name, but it starts to look slightly complicated 😃 (https://github.com/NixOS/nixpkgs/blob/9df6062b9efc9ac2906eb75a5917c0b0d9424062/nixos/modules/services/security/kanidm.nix#L214-L241)
(As a bonus, I guess it would be nice to get a != 0 exit status if kanidmd exits because of a mismatched origin.)
Cool!