Martin Kosek wrote:
On Mon, 2011-04-11 at 17:05 -0400, Rob Crittenden wrote:
Enable 389-ds SSL host checking by default

Enforce that the remote hostname matches the remote SSL server
certificate when 389-ds operates as an SSL client.

Also add an update file to turn this off for existing installations.

ticket 1069

rob

NACK. 10-config.update fails to upgrade existing installation:

# ipa-ldap-updater --upgrade
Upgrading IPA:
   [1/8]: stopping directory server
   [2/8]: saving configuration
   [3/8]: disabling listeners
   [4/8]: starting directory server
   [5/8]: upgrading server
ERROR:root:Update failed: Server is unwilling to perform: Deleting attributes is not allowed
   [6/8]: stopping directory server
   [7/8]: restoring configuration
   [8/8]: starting directory server
done configuring dirsrv.

Martin


Updated patch attached. I had to make the ldap updater do REPLACE operations. I went ahead and made this code similar to the code in ldap2.py for consistency.

rob

Attachment: freeipa-rcrit-769-2-ssl.patch
Description: application/mbox
