On 03/01/2016 10:36 AM, Petr Vobornik wrote:
> On 02/26/2016 03:29 PM, Petr Spacek wrote:
>> On 25.2.2016 18:01, Petr Vobornik wrote:
>>> I did not add --enableldapstarttls to config_redhat_nss_ldap because
>>> I'm not
>>> sure if it is present on el5 (IMO it is not).
>>>
>>> authconfig in:
>>> * config_redhat_nss_ldap got
>>>    * --enableldaptls
>>>
>>> * config_redhat_nss_pam_ldapd got
>>>    * --enableldaptls
>>>    * --enableldapstarttls
>>> options
>>
>> Shouldn't it get only one of them?
>>
>> It seems weird to enable both at the same time.
>>
>> Petr^2 Spacek
>>
>>> https://fedorahosted.org/freeipa/ticket/5654
>>
> 
> Updated patch attached. It uses only --enableldaptls in both commands.
> 
> --enableldapstarttls is an alias for enableldaptls.
> 
> After testing and checking /etc/openldap/ldap.conf, I don't think that
> these options have any effect on el6. There is no 'ssl no' or 'ssl
> start_tls' in any combination or lack of the options. Maybe they have
> effect somewhere else. Anyway it shouldn't do any harm.
> 
> 

ACK.

Pushed to:
master: 02d3ea106214c7e170cb9bf051e4085ade440134
ipa-4-3: b2c5c32d78f099ecc0fb1f10fbf2acd9e36da3ae
ipa-4-2: 6111a30962db4f4bf095201854f3aaa3493adf7c

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to