[Freeipa-devel] [PATCH] 769 enable SSL hostname checking
Martin Kosek
mkosek at redhat.com
Fri May 20 06:28:02 UTC 2011
On Thu, 2011-05-19 at 22:36 -0400, Rob Crittenden wrote:
> Martin Kosek wrote:
> > On Mon, 2011-04-11 at 17:05 -0400, Rob Crittenden wrote:
> >> Enable 389-ds SSL host checking by default
> >>
> >> Enforce that the remote hostname matches the remote SSL server
> >> certificate when 389-ds operates as an SSL client.
> >>
> >> Also add an update file to turn this off for existing installations.
> >>
> >> ticket 1069
> >>
> >> rob
> >
> > NACK. 10-config.update fails to upgrade existing installation:
> >
> > # ipa-ldap-updater --upgrade
> > Upgrading IPA:
> > [1/8]: stopping directory server
> > [2/8]: saving configuration
> > [3/8]: disabling listeners
> > [4/8]: starting directory server
> > [5/8]: upgrading server
> > ERROR:root:Update failed: Server is unwilling to perform: Deleting attributes is not allowed
> > [6/8]: stopping directory server
> > [7/8]: restoring configuration
> > [8/8]: starting directory server
> > done configuring dirsrv.
> >
> > Martin
> >
>
> Updated patch attached. I had to make the ldap updater do REPLACE
> operations. I went ahead and made this code similar to the code in
> ldap2.py for consistency.
>
> rob
ACK. Both LDAP upgrade and a fresh installation work fine.
Martin