On 2.7.2014 15:52, Alexander Bokovoy wrote:
> When nsslapd-minssf is greater than 0, running as root
>   ipa-ldap-updater [-l]
> will fail even if we force use of autobind for root over LDAPI.
>
> The reason for this is that schema updater doesn't get ldapi flag passed
> and attempts to connect to LDAP port instead and for hardened
> configurations using simple bind over LDAP is not enough.
>
> Additionally, report properly previously unhandled LDAP exceptions.
>
> https://fedorahosted.org/freeipa/ticket/3468
>
> Note that the ticket is in 'Future releases' but we have this bug in 3.3
> and in my view it is serious enough to fix it.

ACK from functional perspective. I have tested clean installation and upgrade from 3.3.5 (Fedora 20) and both work.

Also ipa-ldap-updater works with minssf = 56.

It can be pushed if there is no problem with Python side of things.

--
Petr^2 Spacek

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
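
The connection choice discussed in this thread, sketched as an added example that is not part of the original mail or of the FreeIPA patch: root goes over LDAPI with SASL EXTERNAL (autobind) instead of a simple bind on the plain LDAP port, which a server with nsslapd-minssf > 0 refuses. The socket path template, the local SSF value of 71, the host names and all function names are assumptions made for illustration.

```python
from urllib.parse import quote

# Assumption: the 389-ds LDAPI socket is named after the realm,
# upper-cased, with dots replaced by dashes.
SOCKET_TEMPLATE = "/var/run/slapd-{instance}.socket"

# Assumption: SSF the server credits to a local LDAPI connection
# (nsslapd-localssf); a plain ldap:// connection has SSF 0.
ASSUMED_LOCAL_SSF = 71


def ldapi_uri(realm, template=SOCKET_TEMPLATE):
    """Build the ldapi:// URI for the realm's directory server socket."""
    path = template.format(instance=realm.upper().replace(".", "-"))
    # The socket path sits in the host part of the URI, so "/" must be
    # percent-encoded as well (safe="" disables the default exemption).
    return "ldapi://" + quote(path, safe="")


def plan_connection(realm, minssf, is_root, local_ssf=ASSUMED_LOCAL_SSF):
    """Return (uri, bind_method) that satisfies the server's minimum SSF."""
    if is_root and local_ssf >= minssf:
        # Autobind: the server maps the peer uid of the socket to a DN.
        return ldapi_uri(realm), "sasl-external"
    if minssf > 0:
        # A simple bind on the clear-text port would be rejected;
        # the connection has to be protected by TLS first.
        return "ldaps://localhost:636", "simple"
    return "ldap://localhost:389", "simple"


def connect(uri, method, bind_dn=None, password=None):
    """Open the planned connection with python-ldap (imported lazily)."""
    import ldap
    import ldap.sasl

    conn = ldap.initialize(uri)
    if method == "sasl-external":
        conn.sasl_interactive_bind_s("", ldap.sasl.external())
    else:
        conn.simple_bind_s(bind_dn, password)
    return conn


if __name__ == "__main__":
    # Constructed sample values: realm example.com, minssf = 56, root.
    print(plan_connection("example.com", 56, is_root=True))
```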
