On Apr 8, 2011, at 8:53 AM, "Rob Crittenden" <rcrit...@redhat.com> wrote:

> JR Aquino wrote:
>> 
>> On Apr 8, 2011, at 8:03 AM, Rob Crittenden wrote:
>> 
>>>> On Apr 8, 2011, at 7:24 AM, "Rob Crittenden"<rcrit...@redhat.com>   wrote:
>>>> 
>>>>> ipa-nis-manage was failing because root has very limited capabilities 
>>>>> when binding over ldapi because of autobind. So don't use ldapi.
>>>>> 
>>>>> Also force this to be run as root since we start/stop and 
>>>>> configure/unconfigure services.
>>>>> 
>>>>> ticket 1157
>>>>> 
>>>>> rob
>>>>> <freeipa-rcrit-767-nis.patch>
>> 
>>> JR Aquino wrote:
>>>> Does this imply the use of ldap with tls now or just standard ldap?
>>>> 
>>>> There was a previous ticket that changed this and many other tools such 
>>>> that they used ldapi to accommodate FreeIPA with a minssf set.
>>> 
>>> It uses 389, no TLS.
>>> 
>>> rob
>> 
>> Is there a way to solve both problems?
>> 
>> #1 Autobind limits root ->  ldapi
>> #2 IPA Tools should not fail when 389ds:dse.ldif has minssf set?
>> 
>> -Fixed the top posting. sorry about that.-
> 
> Maybe, I also want to apply an appropriate level of effort. In reality this 
> command is going to be run 1 or 2 times in the lifetime of an IPA server.
> 
> rob

Fair enough. The minssf gate should apply to the pieces that have a higher 
usage frequency.


_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to