Menu Close

Red Hat Training

A Red Hat training course is available for RHEL 8

Chapter 9. Options for the ipa-server-install and ipa-replica-install commands

The ipa-server-install and ipa-replica-install commands have numerous arguments you can use to supply additional information that is not requested during an interactive installation. You can also use these options to script an unattended installation. The following table displays some of the most common options. For an exhaustive list of options, see the ipa-server-install(1) and ipa-replica-install(1) man pages.

Table 9.1. Options for the ipa-server-install and ipa-replica-install commands


-a <ipa_admin_password>

The password for the admin IdM administrator account to authenticate to the Kerberos realm.

-d, --debug

Enables debug logging for more verbose output.

--dirsrv-config-file <LDIF_file_name>

The path to an LDIF file used to modify the configuration of the directory server instance.

The fully-qualified domain name of the IdM server machine. Only numbers, lowercase alphabetic characters, and hyphens (-) are allowed.


Sets the upper bound for IDs which can be assigned by the IdM server. The default value is the ID start value plus 199999.


Sets the lower bound, or starting value, for IDs which can be assigned by the IdM server. The default value is randomly selected.


Specifies the IP address of the server. This option only accepts IP addresses associated with the local interface.


The name of the LDAP server domain to use for the IdM domain. This is usually based on the IdM server’s hostname.

-p <directory_manager_password>

The password for the superuser, cn=Directory Manager, for the LDAP service.

-P <kerberos_main_password>

The password for the KDC administrator. If you do not specify a value, this is randomly generated.


The name of the Kerberos realm to create for the IdM domain in uppercase, such as EXAMPLE.COM.


Install and configure a CA on this replica. If a CA is not configured, certificate operations are forwarded to another replica with a CA installed.


Gives a DNS forwarder to use with the DNS service. To specify more than one forwarder, use this option multiple times.


Uses root servers with the DNS service instead of forwarders.


Does not create a reverse DNS zone when the DNS domain is set up. (If a reverse DNS zone is already configured, then that existing reverse DNS zone is used.) If this option is not used, then the default value is true, which assumes that reverse DNS should be configured by the installation script.


Tells the installation script to set up a DNS service within the IdM domain. Using an integrated DNS service is optional, so if this option is not passed with the installation script, then no DNS is configured.

-U, --unattended

Enable an unattended installation session that does not prompt for user input.

Additional resources

  • ipa-server-install(1) man page
  • ipa-replica-install(1) man page