[Freeipa-devel] [PATCH] 0153 ipa-ldap-updater does not work with hardened LDAP configuration
Petr Spacek
pspacek at redhat.com
Thu Jul 3 13:21:02 UTC 2014
On 2.7.2014 15:52, Alexander Bokovoy wrote:
> When nsslapd-minssf is greater than 0, running as root
> ipa-ldap-updater [-l]
> will fail even if we force use of autobind for root over LDAPI.
>
> The reason for this is that the schema updater doesn't get the ldapi flag
> passed and attempts to connect to the LDAP port instead, and for hardened
> configurations using simple bind over LDAP is not enough.
>
> Additionally, properly report previously unhandled LDAP exceptions.
>
> https://fedorahosted.org/freeipa/ticket/3468
>
> Note that the ticket is in 'Future releases' but we have this bug in 3.3
> and in my view it is serious enough to fix it.

ACK from functional perspective. I have tested clean installation and upgrade
from 3.3.5 (Fedora 20) and both work.
Also ipa-ldap-updater works with minssf = 56.
It can be pushed if there is no problem with Python side of things.

--
Petr^2 Spacek
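
The failure mode discussed in this message, as an added example that is not part of the patch or of FreeIPA's code: a simplified model of why a plain LDAP simple bind is refused once nsslapd-minssf is raised while root autobind over LDAPI still works, followed by a python-ldap connection that reports LDAP errors explicitly. The socket path, host names and helper names are assumptions, and the value 71 is the 389 DS default for nsslapd-localssf.

```python
"""Added illustration: root autobind over LDAPI versus a plain LDAP bind."""
import os
from urllib.parse import quote

# Assumed values for illustration; not taken from the patch.
SOCKET_PATH = "/var/run/slapd-EXAMPLE-COM.socket"  # hypothetical instance socket
DEFAULT_LOCALSSF = 71  # 389 DS default nsslapd-localssf (SSF credited to LDAPI)


def ldapi_uri(socket_path):
    """Build an ldapi:// URI; the socket path must be fully percent-encoded."""
    return "ldapi://" + quote(socket_path, safe="")


def meets_minssf(uri, minssf, localssf=DEFAULT_LOCALSSF):
    """Simplified model of the server's SSF check for two transports only.

    ldap:// without StartTLS or SASL encryption has SSF 0; an ldapi://
    connection is credited with nsslapd-localssf.
    """
    if uri.startswith("ldapi://"):
        return localssf >= minssf
    if uri.startswith("ldap://"):
        return 0 >= minssf
    raise ValueError("only ldap:// and ldapi:// are modelled here")


def connect_as_root(socket_path=SOCKET_PATH):
    """Autobind over LDAPI with SASL EXTERNAL and read the SSF settings."""
    import ldap  # python-ldap, imported lazily so the helpers above work alone
    import ldap.sasl

    if os.geteuid() != 0:
        raise PermissionError("root autobind over LDAPI requires euid 0")
    conn = ldap.initialize(ldapi_uri(socket_path))
    try:
        conn.sasl_interactive_bind_s("", ldap.sasl.external())
        return conn.search_s("cn=config", ldap.SCOPE_BASE,
                             attrlist=["nsslapd-minssf", "nsslapd-localssf"])
    except ldap.UNWILLING_TO_PERFORM as e:
        # Typical result when the connection's SSF is below nsslapd-minssf
        raise RuntimeError("server refused the operation: %s" % e)
    except ldap.LDAPError as e:
        # Report any other LDAP failure instead of leaving it unhandled
        raise RuntimeError("LDAP error: %s" % e)
    finally:
        conn.unbind_s()
```

`connect_as_root()` needs python-ldap and a running directory server; the two helper functions run without either.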