On 07/03/2014 03:21 PM, Petr Spacek wrote:
> On 2.7.2014 15:52, Alexander Bokovoy wrote:
>> When nsslapd-minssf is greater than 0, running as root
>>   ipa-ldap-updater [-l]
>> will fail even if we force use of autobind for root over LDAPI.
>> The reason for this is that schema updater doesn't get ldapi flag passed
>> and attempts to connect to LDAP port instead and for hardened
>> configurations using simple bind over LDAP is not enough.
>> Additionally, report properly previously unhandled LDAP exceptions.
>> https://fedorahosted.org/freeipa/ticket/3468
>> Note that the ticket is in 'Future releases' but we have this bug in 3.3
>> and in my view it is serious enough to fix it.
> ACK from functional perspective. I have tested clean installation and upgrade
> from 3.3.5 (Fedora 20) and both works.
> Also ipa-ldap-updates works with minssf = 56.
> It can be pushed if there is no problem with Python side of things.

Looks good to me.

Pushed to master: a9fe37e0664079ad2da7b0d9b9b7c7e244a25bf9


Freeipa-devel mailing list

Reply via email to