Martin Kosek wrote:
On Thu, 2011-05-19 at 22:36 -0400, Rob Crittenden wrote:
Martin Kosek wrote:
On Mon, 2011-04-11 at 17:05 -0400, Rob Crittenden wrote:
Enable 389-ds SSL host checking by defauilt

Enforce that the remote hostname matches the remote SSL server
certificate when 389-ds operates as an SSL client.

Also add an update file to turn this off for existing installations.

ticket 1069


NACK. 10-config.update fails to upgrade existing installation:

# ipa-ldap-updater --upgrade
Upgrading IPA:
    [1/8]: stopping directory server
    [2/8]: saving configuration
    [3/8]: disabling listeners
    [4/8]: starting directory server
    [5/8]: upgrading server
ERROR:root:Update failed: Server is unwilling to perform: Deleting attributes 
is not allowed
    [6/8]: stopping directory server
    [7/8]: restoring configuration
    [8/8]: starting directory server
done configuring dirsrv.


Updated patch attached. I had to make the ldap updater do REPLACE
operations. I went ahead and made this code similar to the code in for consistency.


ACK. Both LDAP upgrade and a fresh installation work fine.


pushed to master and ipa-2-0

Freeipa-devel mailing list

Reply via email to