Martin Kosek wrote:
On Mon, 2011-04-11 at 17:05 -0400, Rob Crittenden wrote:
Enable 389-ds SSL host checking by default

Enforce that the remote hostname matches the remote SSL server
certificate when 389-ds operates as an SSL client.

Also add an update file to turn this off for existing installations.

ticket 1069


NACK. 10-config.update fails to upgrade existing installation:

# ipa-ldap-updater --upgrade
Upgrading IPA:
   [1/8]: stopping directory server
   [2/8]: saving configuration
   [3/8]: disabling listeners
   [4/8]: starting directory server
   [5/8]: upgrading server
ERROR:root:Update failed: Server is unwilling to perform: Deleting attributes is not allowed
   [6/8]: stopping directory server
   [7/8]: restoring configuration
   [8/8]: starting directory server
done configuring dirsrv.


Updated patch attached. I had to make the ldap updater do REPLACE operations. I went ahead and made this code similar to the code in for consistency.


Attachment: freeipa-rcrit-769-2-ssl.patch
Description: application/mbox

Freeipa-devel mailing list
