On 23/10/15 08:39, Petr Vobornik wrote:
not sure if the change in 2606f5aecd6ac0db31abb515b691529bb7eaf14e was a
mistake or done on purpose.

Anyway:
commit 2606f5aecd6ac0db31abb515b691529bb7eaf14e

has:
-            realm, hostname, dirman_passwd, port, starttls=True)
+            realm, hostname, dirman_passwd, port)
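
Review bot: The call on the `+` line no longer states how the connection is secured, so the transport mode now depends on the callee's default for the dropped `starttls` argument. Either keep `starttls=True` here or pass the intended mode explicitly, and say in the commit message why the mode changed. The error reported in this message shows an `ldaps://` URL being tried against port 389, which indicates that the default does not match the `port` value this call passes.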

In CSReplicationManager

which causes, e.g.:

ipa-csreplica-manage -p Secret123 list ipa.example.com
cannot connect to 'ldaps://ipa.example.com:389': TLS error
-5938:Encountered end of file

Attached patch reverts it.

I am not sure it was a mistake; we have changed replication from using TLS to always using LDAP+GSSAPI, so why is ipa-csreplica-manage depending on ldaps anyway?

It may need to when dealing with very old domains where we have split instances for CS and IPA, but not in anything modern. I would rather change the command to cope with using LDAP+GSSAPI.

A simple revert may break something in replica promotion; it would need to be tested with a full master+replica install.

Simo.

--
Simo Sorce * Red Hat, Inc * New York
