Martin Kosek wrote:
On Mon, 2011-04-11 at 17:05 -0400, Rob Crittenden wrote:Enable 389-ds SSL host checking by defauiltEnforce that the remote hostname matches the remote SSL server certificate when 389-ds operates as an SSL client. Also add an update file to turn this off for existing installations. ticket 1069 robNACK. 10-config.update fails to upgrade existing installation: # ipa-ldap-updater --upgrade Upgrading IPA: [1/8]: stopping directory server [2/8]: saving configuration [3/8]: disabling listeners [4/8]: starting directory server [5/8]: upgrading server ERROR:root:Update failed: Server is unwilling to perform: Deleting attributes is not allowed [6/8]: stopping directory server [7/8]: restoring configuration [8/8]: starting directory server done configuring dirsrv. Martin
Updated patch attached. I had to make the ldap updater do REPLACE operations. I went ahead and made this code similar to the code in ldap2.py for consistency.
_______________________________________________ Freeipa-devel mailing list Freeipaemail@example.com https://www.redhat.com/mailman/listinfo/freeipa-devel