[Freeipa-devel] 43 Inherit nssldap security access settings during replica install

Rob Crittenden rcritten at redhat.com
Tue Jun 5 21:16:23 UTC 2012


Rob Crittenden wrote:
> JR Aquino wrote:
>> When making adjustments to increase the bind security settings of a
>> FreeIPA server, it is best practice to inherit those settings when
>> installing a new replica server.
>>
>> Inherit the following bind security settings when performing a replica
>> install:
>> 'nsslapd-allow-unauthenticated-binds',
>> 'nsslapd-require-secure-binds',
>> 'nsslapd-allow-anonymous-access',
>> 'nsslapd-minssf'
>>
>> https://fedorahosted.org/freeipa/ticket/1930
>>
>
> NACK
>
> There is a connection helper in service.py you can use, ldap_connect().
>
> Use it like:
>
> if not self.admin_conn:
> self.ldap_connect()
>
> x = self.conn.addEntry(foo)

I rebased the patch to master and re-worked it a bit. JR, what do you think?

rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: jr43.patch
Type: text/x-diff
Size: 3134 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20120605/848c8ffd/attachment.bin>


More information about the Freeipa-devel mailing list