On Thu, 2011-05-19 at 22:36 -0400, Rob Crittenden wrote:
> Martin Kosek wrote:
> > On Mon, 2011-04-11 at 17:05 -0400, Rob Crittenden wrote:
> >> Enable 389-ds SSL host checking by defauilt
> >>
> >> Enforce that the remote hostname matches the remote SSL server
> >> certificate when 389-ds operates as an SSL client.
> >>
> >> Also add an update file to turn this off for existing installations.
> >>
> >> ticket 1069
> >>
> >> rob
> >
> > NACK. 10-config.update fails to upgrade existing installation:
> >
> > # ipa-ldap-updater --upgrade
> > Upgrading IPA:
> >    [1/8]: stopping directory server
> >    [2/8]: saving configuration
> >    [3/8]: disabling listeners
> >    [4/8]: starting directory server
> >    [5/8]: upgrading server
> > ERROR:root:Update failed: Server is unwilling to perform: Deleting 
> > attributes is not allowed
> >    [6/8]: stopping directory server
> >    [7/8]: restoring configuration
> >    [8/8]: starting directory server
> > done configuring dirsrv.
> >
> > Martin
> >
> 
> Updated patch attached. I had to make the ldap updater do REPLACE 
> operations. I went ahead and made this code similar to the code in 
> ldap2.py for consistency.
> 
> rob

ACK. Both LDAP upgrade and a fresh installation work fine.

Martin

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to