Thomas Woerner

RHEL-8 is using modules for idm. The ipaclient role is installing the idm:DL1/client module by default. This module also installs ipapython for use with platform-python that is also used by...

ansible-freeipa modules are supporting management nodes that are part of an IPA domain as a client or server. If the node is part of an IPA domain, all the needed...

The management node needs to deployed as a server/replica or client in an IPA domain. Installing ipaclient with pip is not able to do this. For information how to deploy...

Good point, please open a ticket to work on the error messages for missing IPA bindings.

Please add information about `externalhost` and `externaluser` to the commit message and also as a comment to the code to make is easier to understand where these are coming from...

@arozmarin Hi, you are setting two two DNS server IPs 10.30.0.110 and 10.20.0.110. Which machines are these? BTW, why are you enabling ipaclient_force_join?

`ipaclient_join` should also use `ipaclient_ca_cert_file`. This is missing at the moment.

Hi Rafael, what should be done is to keep the old code for the IPA versions where install_ca_cert is available and used and only switch to ipa-certupdate when install_ca_cert does...

It will be needed to add a new variable to ipareplica_test to active the old or new code path depending on the existence of `install_ca_cert`. Something like this would be...

This PR should only be merged after the FreeIPA PR https://github.com/freeipa/freeipa/pull/6620 has been merged.