[Freeipa-devel] [PATCH 001] Remove recommendation from ipa-adtrust-install

Thorsten Scherf tscherf at redhat.com
Fri Apr 10 13:35:50 UTC 2015


-------------- next part --------------
From e50ff3591460cad40beaaf8c97b5c43cae44e985 Mon Sep 17 00:00:00 2001
From: Thorsten Scherf <tscherf at redhat.com>
Date: Fri, 10 Apr 2015 15:26:28 +0200
Subject: [PATCH] Removed recommendation from ipa-adtrust-install

In the wiki we say it's no longer necessary to make the IPA LDAP server not
reachable by any AD domain controller. To be consistent, the setup tool
should reflect this statement.

https://fedorahosted.org/freeipa/ticket/4977
---
 install/tools/ipa-adtrust-install | 9 ---------
 1 file changed, 9 deletions(-)

diff --git a/install/tools/ipa-adtrust-install b/install/tools/ipa-adtrust-install
index 6e55bbe3e57f1c609398dc571e90cb8677d91a33..ac1d13a130f7ae295825dd1a16da2b3f946fe002 100755
--- a/install/tools/ipa-adtrust-install
+++ b/install/tools/ipa-adtrust-install
@@ -429,15 +429,6 @@ You must make sure these network ports are open:
 \t  * 389: (C)LDAP
 \t  * 445: microsoft-ds
 
-Additionally you have to make sure the FreeIPA LDAP server is not reachable
-by any domain controller in the Active Directory domain by closing down
-the following ports for these servers:
-\tTCP Ports:
-\t  * 389, 636: LDAP/LDAPS
-
-You may want to choose to REJECT the network packets instead of DROPing
-them to avoid timeouts on the AD domain controllers.
-
 =============================================================================
 """
     if admin_password:
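
Review bot: The justification for dropping the "not reachable by any domain controller" paragraph after the port list is missing from the patch itself. The removed lines told administrators to block 389 and 636 from the AD domain controllers, while the commit message only says the wiki no longer requires this. Please state in the commit message why the restriction is no longer needed, or link the specific wiki page, so the reason for relaxing a firewall instruction can be found from the history without the ticket. The diffstat shows only install/tools/ipa-adtrust-install changed; if the same recommendation is repeated in the man page or other documentation, it should be removed in this patch as well so the guidance stays consistent.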
-- 
1.9.3
