Jump to: navigation, search

FreeIPAv2:Config Files

FreeIPAv2 Development Documentation

Please note that this content was made during FreeIPAv2 development and it may no longer be relevant for current versions of FreeIPA. We left the content here for study and archaeological purposes.

Please check our Documentation for a recent list of topics.

Configuration files

The server and client share a common core configuration file, /etc/ipa/default.conf. This file is read by the server at startup and the ipa command every time it is executed.

The section [global] is mandatory and the only section used. A sample default configuration file is:


These values are shared between the client and server (on the same machine). If you need to make client or server-specific configuration changes you can create a configuration file for it. For the server used /etc/ipa/server.conf and for client configuration used /etc/ipa/cli.conf

For example, if you want to enable debug logging for the server only, create /etc/ipa/server.conf containing:


To always have verbose mode set on the client, create /etc/ipa/cli.conf that contains:



The order that file configuration files are read is:

  1. context file (/etc/ipa/server.conf or /etc/ipa/cli.conf)
  2. default file (/etc/ipa/default.conf)

Once an attribute is set it is not overridden if it appears in another configuration file.

For example, if you set debug=True in server.conf and debug=False in default.conf then it will be True because the value in default.conf will be ignored.