On Thu, 2011-05-19 at 22:36 -0400, Rob Crittenden wrote:
> Martin Kosek wrote:
> > On Mon, 2011-04-11 at 17:05 -0400, Rob Crittenden wrote:
> >> Enable 389-ds SSL host checking by defauilt
> >> Enforce that the remote hostname matches the remote SSL server
> >> certificate when 389-ds operates as an SSL client.
> >> Also add an update file to turn this off for existing installations.
> >> ticket 1069
> >> rob
> > NACK. 10-config.update fails to upgrade existing installation:
> > # ipa-ldap-updater --upgrade
> > Upgrading IPA:
> > [1/8]: stopping directory server
> > [2/8]: saving configuration
> > [3/8]: disabling listeners
> > [4/8]: starting directory server
> > [5/8]: upgrading server
> > ERROR:root:Update failed: Server is unwilling to perform: Deleting
> > attributes is not allowed
> > [6/8]: stopping directory server
> > [7/8]: restoring configuration
> > [8/8]: starting directory server
> > done configuring dirsrv.
> > Martin
> Updated patch attached. I had to make the ldap updater do REPLACE
> operations. I went ahead and made this code similar to the code in
> ldap2.py for consistency.
ACK. Both LDAP upgrade and a fresh installation work fine.
Freeipa-devel mailing list