On 28.04.2016 19:16, Roderick Johnstone wrote:
RHEL7 running ipa-server-4.2.0-15.el7_2.6.1.x86_64
A couple of months ago I updated
/etc/dirsrv/slapd-XXX.XXX.XXX/dse.ldif to customise the cipher suite
in use by freeipa (see previous thread on this list).
When the update to ipa-server-4.2.0-15.el7_2.6.1.x86_64 came in on
April 14 it saved my dse.ldif to dse.ldif.ipa.87160d3fec74fa3f and
reverted some, but not all of, my changed settings in dse.ldif.
I'd like to understand what is expected to happen to this file on a
package upgrade (rpm reports that this file is not owned by any
package so I guess its manipulated by a scriplet) since at least one
of my changes was preserved.
Also, if I need to maintain a customised cipher suite for ipa, am I
required to only do yum updates of the ipa-server package by hand and
manually merge back in my changes, or is there a better way?
probably IPA upgrade did this change
if you need custom ciphers to be preserved, you have to put your own
upgrade file (number must be higher than 20) to IPA
$ cat 99-myciphers.update
update default value with your own required ciphers
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project