[Freeipa-devel] [PATCH] 0153 ipa-ldap-updater does not work with hardened LDAP configuration

Martin Kosek mkosek at redhat.com
Fri Jul 4 06:15:20 UTC 2014


On 07/03/2014 03:21 PM, Petr Spacek wrote:
> On 2.7.2014 15:52, Alexander Bokovoy wrote:
>> When nsslapd-minssf is greater than 0, running as root
>>   ipa-ldap-updater [-l]
>> will fail even if we force use of autobind for root over LDAPI.
>>
>> The reason for this is that schema updater doesn't get ldapi flag passed
>> and attempts to connect to LDAP port instead and for hardened
>> configurations using simple bind over LDAP is not enough.
>>
>> Additionally, report properly previously unhandled LDAP exceptions.
>> https://fedorahosted.org/freeipa/ticket/3468
>>
>> Note that the ticket is in 'Future releases' but we have this bug in 3.3
>> and in my view it is serious enough to fix it.
> 
> ACK from functional perspective. I have tested clean installation and upgrade
> from 3.3.5 (Fedora 20) and both work.
> 
> Also ipa-ldap-updater works with minssf = 56.
> 
> It can be pushed if there is no problem with Python side of things.
> 

Looks good to me.

Pushed to master: a9fe37e0664079ad2da7b0d9b9b7c7e244a25bf9

Martin
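
The failure described in the quoted report, modelled as an added example (not code from the patch or from FreeIPA): it compares the SSF a connection would carry against `nsslapd-minssf`. It assumes 389 Directory Server's documented behaviour that LDAPI connections are assigned the value of `nsslapd-localssf` (default 71) and that an `ldap://` connection without TLS has SSF 0; the config fragment, URIs and function names are constructed for illustration.

```python
# Added example. SAMPLE_CONFIG is a constructed cn=config fragment, not real server data.
SAMPLE_CONFIG = """\
dn: cn=config
nsslapd-minssf: 56
nsslapd-localssf: 71
nsslapd-ldapilisten: on
"""

# Hypothetical URIs for a local instance.
LDAP_URI = "ldap://localhost:389"
LDAPI_URI = "ldapi://%2fvar%2frun%2fslapd-EXAMPLE-TEST.socket"

# Assumed 389-ds defaults when the attribute is absent from cn=config.
DEFAULTS = {"nsslapd-minssf": 0, "nsslapd-localssf": 71}


def parse_ssf_settings(ldif_text):
    """Extract the two SSF-related attributes from a cn=config LDIF fragment."""
    settings = dict(DEFAULTS)
    for line in ldif_text.splitlines():
        if line.startswith("#") or ":" not in line:
            continue
        attr, _, value = line.partition(":")
        attr = attr.strip().lower()
        if attr in settings:
            settings[attr] = int(value.strip())
    return settings


def connection_ssf(uri, settings, tls_ssf=0):
    """SSF the server would see for a connection made through `uri`.

    tls_ssf models the strength of a negotiated TLS cipher (0 = no TLS).
    """
    if uri.startswith("ldapi://"):
        return settings["nsslapd-localssf"]
    return tls_ssf


def accepted(uri, settings, tls_ssf=0):
    """True if the connection meets the server's minimum SSF."""
    return connection_ssf(uri, settings, tls_ssf) >= settings["nsslapd-minssf"]


if __name__ == "__main__":
    cfg = parse_ssf_settings(SAMPLE_CONFIG)
    for uri in (LDAP_URI, LDAPI_URI):
        print(uri, "accepted" if accepted(uri, cfg) else "rejected by minssf")
```
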



