<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<br>
<br>
<div class="moz-cite-prefix">On 28.04.2016 19:16, Roderick Johnstone
wrote:<br>
</div>
<blockquote cite="mid:57224564.9080305@ast.cam.ac.uk" type="cite">Hi
<br>
<br>
RHEL7 running ipa-server-4.2.0-15.el7_2.6.1.x86_64
<br>
<br>
A couple of months ago I updated
/etc/dirsrv/slapd-XXX.XXX.XXX/dse.ldif to customise the cipher
suite in use by freeipa (see previous thread on this list).
<br>
<br>
When the update to ipa-server-4.2.0-15.el7_2.6.1.x86_64 came in on
April 14 it saved my dse.ldif to dse.ldif.ipa.87160d3fec74fa3f and
reverted some, but not all of, my changed settings in dse.ldif.
<br>
<br>
I'd like to understand what is expected to happen to this file on
a package upgrade (rpm reports that this file is not owned by any
package so I guess its manipulated by a scriplet) since at least
one of my changes was preserved.
<br>
<br>
Also, if I need to maintain a customised cipher suite for ipa, am
I required to only do yum updates of the ipa-server package by
hand and manually merge back in my changes, or is there a better
way?
<br>
<br>
Thanks
<br>
<br>
Roderick Johnstone
<br>
<br>
</blockquote>
Hello,<br>
<br>
probably IPA upgrade did this change<br>
<br>
if you need custom ciphers to be preserved, you have to put your own
upgrade file (number must be higher than 20) to IPA
'/usr/share/ipa/updates/'<br>
<br>
something like:<br>
<br>
$ cat 99-myciphers.update<br>
<meta http-equiv="content-type" content="text/html;
charset=windows-1252">
<pre style="background-color:#ffffff;color:#000000;font-family:'DejaVu Sans Mono';font-size:9.0pt;">dn: cn=encryption,cn=config
only:nsSSL3Ciphers: default
only:allowWeakCipher: off</pre>
<br>
update default value with your own required ciphers<br>
<br>
Martin<br>
</body>
</html>