JR Aquino wrote:
On Apr 8, 2011, at 8:56 AM, "JR Aquino"<jr.aqu...@citrix.com> wrote:
On Apr 8, 2011, at 8:53 AM, "Rob Crittenden"<rcrit...@redhat.com> wrote:
JR Aquino wrote:
On Apr 8, 2011, at 8:03 AM, Rob Crittenden wrote:
On Apr 8, 2011, at 7:24 AM, "Rob Crittenden"<rcrit...@redhat.com> wrote:
ipa-nis-manage was failing because root has very limited capabilities when
binding over ldapi because of autobind. So don't use ldapi.

Also force this to be run as root since we start/stop and configure/unconfigure
services.

ticket 1157

rob

<freeipa-rcrit-767-nis.patch>

JR Aquino wrote:
Does this imply the use of ldap with tls now or just standard ldap?
There was a previous ticket that changed this and many other tools such that
they used ldapi to accommodate FreeIPA with a minssf set.

It uses 389, no TLS.
rob

Is there a way to solve both problems?
#1 Autobind limits root -> ldapi
#2 IPA Tools should not fail when 389ds:dse.ldif has minssf set?
-Fixed the top posting. Sorry about that.-

Maybe. I also want to apply an appropriate level of effort. In reality this
command is going to be run 1 or 2 times in the lifetime of an IPA server.
rob

Fair enough. The minssf gate should apply to the pieces that have a higher
usage frequency.
Does the limitation of autobind with root mean that all of the tools that use
ldapi need to be revisited and turned back to 389?

ipa-host-net-manage and ipa-compat-manage work ok for me with this patch
applied.
rob
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel