Lets try now. Attached is the corrected patch.

There were several spots in ipa-client-install where the server could be
defined and it was getting missed.
I have omitted any change to ipa-client-install and instead just focused
on ipadiscovery.py

ipadiscovery.py now performs its own fetch of the CACert just to be sure.

Regarding TLS vs LDAPS.

LDAP over SSL was common in LDAP Version 2 (LDAPv2) but it was never
standardized in any formal specification. This usage has been deprecated
along with LDAPv2, which was officially retired in 2003.

LDAPS is still supported, but considered deprecated in favor of TLS as
defined in RFC2830.

On 2/17/11 2:01 AM, "Jan Zelený" <jzel...@redhat.com> wrote:

>JR Aquino <jr.aqu...@citrix.com> wrote:
>> This patch addresses the need to utilize TLS when using the
>> ipa-client-install tool. It addresses ticket:
>> https://fedorahosted.org/freeipa/ticket/974
>Nack, running ipa-client-install returned this error:
># ipa-client-install
>Retrieving CA from None failed.
>Command '/usr/bin/wget -O /etc/ipa/ca.crt http://None/ipa/config/ca.crt'
>returned non-zero exit status 4
>One more question - shouldn't you use ldaps directly to connect to the

Attachment: binRzo02LE4jS.bin
Description: freeipa-jraquino-0018-2-Use-TLS-for-ipadiscovery-during-ipa-client-inst.patch

Freeipa-devel mailing list

Reply via email to