https://fedorahosted.org/freeipa/ticket/5298

Patch attached.
From 4e36c933932e36fd86a87ab51a2ffe61880cb25b Mon Sep 17 00:00:00 2001
From: Martin Basti <mba...@redhat.com>
Date: Tue, 8 Mar 2016 19:12:00 +0100
Subject: [PATCH] Remove redundant parameters from CS.cfg in dogtaginstance

Bind DN is not used for client certificate authentication so they can be
safely removed.

https://fedorahosted.org/freeipa/ticket/5298
---
 ipaserver/install/dogtaginstance.py | 8 --------
 1 file changed, 8 deletions(-)

diff --git a/ipaserver/install/dogtaginstance.py b/ipaserver/install/dogtaginstance.py
index f5e5649f9a7b80ab25c9789b62ea7efcd5662bb6..b8ce19d724c68b999bd44160eeaf09124729e977 100644
--- a/ipaserver/install/dogtaginstance.py
+++ b/ipaserver/install/dogtaginstance.py
@@ -220,10 +220,6 @@ class DogtagInstance(service.Service):
                 'SslClientAuth', quotes=False, separator='=')
             installutils.set_directive(
                 config,
-                'authz.instance.DirAclAuthz.ldap.ldapauth.bindDN',
-                'uid=pkidbuser,ou=people,o=ipaca', quotes=False, separator='=')
-            installutils.set_directive(
-                config,
                 'authz.instance.DirAclAuthz.ldap.ldapauth.clientCertNickname',
                 'subsystemCert cert-pki-ca', quotes=False, separator='=')
             installutils.set_directive(
@@ -242,10 +238,6 @@ class DogtagInstance(service.Service):
 
             installutils.set_directive(
                 config,
-                'internaldb.ldapauth.bindDN',
-                'uid=pkidbuser,ou=people,o=ipaca', quotes=False, separator='=')
-            installutils.set_directive(
-                config,
                 'internaldb.ldapauth.clientCertNickname',
                 'subsystemCert cert-pki-ca', quotes=False, separator='=')
             installutils.set_directive(
-- 
2.5.0

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to