[Freeipa-devel] [PATCH] 769 enable SSL hostname checking

Rob Crittenden rcritten at redhat.com
Fri May 20 02:36:38 UTC 2011


Martin Kosek wrote:
> On Mon, 2011-04-11 at 17:05 -0400, Rob Crittenden wrote:
> >> Enable 389-ds SSL host checking by default
>>
>> Enforce that the remote hostname matches the remote SSL server
>> certificate when 389-ds operates as an SSL client.
>>
>> Also add an update file to turn this off for existing installations.
>>
>> ticket 1069
>>
>> rob
>
> NACK. 10-config.update fails to upgrade existing installation:
>
> # ipa-ldap-updater --upgrade
> Upgrading IPA:
>    [1/8]: stopping directory server
>    [2/8]: saving configuration
>    [3/8]: disabling listeners
>    [4/8]: starting directory server
>    [5/8]: upgrading server
> ERROR:root:Update failed: Server is unwilling to perform: Deleting attributes is not allowed
>    [6/8]: stopping directory server
>    [7/8]: restoring configuration
>    [8/8]: starting directory server
> done configuring dirsrv.
>
> Martin
>

Updated patch attached. I had to make the ldap updater do REPLACE 
operations. I went ahead and made this code similar to the code in 
ldap2.py for consistency.

rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-rcrit-769-2-ssl.patch
Type: application/mbox
Size: 6005 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20110519/45d1c095/attachment.mbox>

