[Freeipa-devel] [PATCH] 769 enable SSL hostname checking
Martin Kosek
mkosek at redhat.com
Tue May 17 13:11:42 UTC 2011
On Mon, 2011-04-11 at 17:05 -0400, Rob Crittenden wrote:
> Enable 389-ds SSL host checking by defauilt
>
> Enforce that the remote hostname matches the remote SSL server
> certificate when 389-ds operates as an SSL client.
>
> Also add an update file to turn this off for existing installations.
>
> ticket 1069
>
> rob
NACK. 10-config.update fails to upgrade existing installation:
# ipa-ldap-updater --upgrade
Upgrading IPA:
[1/8]: stopping directory server
[2/8]: saving configuration
[3/8]: disabling listeners
[4/8]: starting directory server
[5/8]: upgrading server
ERROR:root:Update failed: Server is unwilling to perform: Deleting attributes is not allowed
[6/8]: stopping directory server
[7/8]: restoring configuration
[8/8]: starting directory server
done configuring dirsrv.
Martin
More information about the Freeipa-devel
mailing list