[Freeipa-devel] [PATCH] 18 Use TLS for ipadiscovery during ipa client install

JR Aquino JR.Aquino at citrix.com
Thu Feb 17 15:27:48 UTC 2011


Let's try now. Attached is the corrected patch.

There were several spots in ipa-client-install where the server could be
defined and it was getting missed.
I have omitted any change to ipa-client-install and instead just focused
on ipadiscovery.py

ipadiscovery.py now performs its own fetch of the CACert just to be sure.

Regarding TLS vs LDAPS.

LDAP over SSL was common in LDAP Version 2 (LDAPv2) but it was never
standardized in any formal specification. This usage has been deprecated
along with LDAPv2, which was officially retired in 2003.

LDAPS is still supported, but considered deprecated in favor of TLS as
defined in RFC2830.

On 2/17/11 2:01 AM, "Jan Zelený" <jzeleny at redhat.com> wrote:

>JR Aquino <JR.Aquino at citrix.com> wrote:
>> This patch addresses the need to utilize TLS when using the
>> ipa-client-install tool. It addresses ticket:
>> https://fedorahosted.org/freeipa/ticket/974
>
>Nack, running ipa-client-install returned this error:
>
># ipa-client-install
>Retrieving CA from None failed.
>Command '/usr/bin/wget -O /etc/ipa/ca.crt http://None/ipa/config/ca.crt'
>returned non-zero exit status 4
>
>
>One more question - shouldn't you use ldaps directly to connect to the
>server?
>Jan

-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jraquino-0018-2-Use-TLS-for-ipadiscovery-during-ipa-client-inst.patch
Type: application/octet-stream
Size: 1409 bytes
Desc: freeipa-jraquino-0018-2-Use-TLS-for-ipadiscovery-during-ipa-client-inst.patch
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20110217/38ae6b2e/attachment.obj>

