JR Aquino <jr.aqu...@citrix.com> wrote:
> Lets try now. Attached is the corrected patch.
> 
> There were several spots in ipa-client-install where the server could be
> defined and it was getting missed.
> I have omitted any change to ipa-client-install and instead just focused
> on ipadiscovery.py
> 
> ipadiscovery.py now performs its own fetch of the CACert just to be sure.
> 
> Regarding TLS vs LDAPS.
> 
> LDAP over SSL was common in LDAP Version 2 (LDAPv2) but it was never
> standardized in any formal specification. This usage has been deprecated
> along with LDAPv2, which was officially retired in 2003.
> 
> LDAPS is still supported, but considered deprecated in favor of TLS as
> defined in RFC2830.
> 
> On 2/17/11 2:01 AM, "Jan Zelený" <jzel...@redhat.com> wrote:
> >JR Aquino <jr.aqu...@citrix.com> wrote:
> >> This patch addresses the need to utilize TLS when using the
> >> ipa-client-install tool. It addresses ticket:
> >> https://fedorahosted.org/freeipa/ticket/974
> >
> >Nack, running ipa-client-install returned this error:
> >
> ># ipa-client-install
> >Retrieving CA from None failed.
> >Command '/usr/bin/wget -O /etc/ipa/ca.crt http://None/ipa/config/ca.crt'
> >returned non-zero exit status 4
> >
> >
> >One more question - shouldn't you use ldaps directly to connect to the
> >server?
> >Jan


Sorry, I have to Nack it again, the patch seems incoplete, since it is only 
adding some cacert fetching code to IPADiscovery.

Jan

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to