On 07/03/2014 03:21 PM, Petr Spacek wrote: > On 2.7.2014 15:52, Alexander Bokovoy wrote: >> When nsslapd-minssf is greater than 0, running as root >> ipa-ldap-updater [-l] >> will fail even if we force use of autobind for root over LDAPI. >> >> The reason for this is that schema updater doesn't get ldapi flag passed >> and attempts to connect to LDAP port instead and for hardened >> configurations using simple bind over LDAP is not enough. >> >> Additionally, report properly previously unhandled LDAP exceptions. >> https://fedorahosted.org/freeipa/ticket/3468 >> >> Note that the ticket is in 'Future releases' but we have this bug in 3.3 >> and in my view it is serious enough to fix it. > > ACK from functional perspective. I have tested clean installation and upgrade > from 3.3.5 (Fedora 20) and both works. > > Also ipa-ldap-updates works with minssf = 56. > > It can be pushed if there is no problem with Python side of things. >
Looks good to me. Pushed to master: a9fe37e0664079ad2da7b0d9b9b7c7e244a25bf9 Martin _______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel