author | Alexander Bokovoy <abokovoy@redhat.com> | 2011-07-19 16:07:05 +0300 |
---|---|---|
committer | Alexander Bokovoy <abokovoy@redhat.com> | 2011-07-19 16:07:05 +0300 |
commit | f80ccb1a3c85afd8d5aa03191ef5c323a35293de (patch) | |
tree | a86a1ec9a24d8946e83d7f807328bb6c810b7f99 | |
parent | c1f5dadc4e9c5ed0c9c1a132c4fe5c66b0244882 (diff) | |
Fix sssd.conf to always have IPA certificate for the domain.ticket-1476
Fixes https://fedorahosted.org/freeipa/ticket/1476
SSSD needs TLS to check whether the ipaMigrationEnabled attribute is set.
Note that SSSD will force StartTLS because the channel is later also used for
authentication if password migration is enabled. Thus set the option
unconditionally.
-rwxr-xr-x | ipa-client/ipa-install/ipa-client-install | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index 07459bfd6..4610583d7 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -550,6 +550,12 @@ def configure_sssd_conf(fstore, cli_realm, cli_domain, cli_server, options):
 domain.set_option('cache_credentials', True)
+ # SSSD will need TLS for checking if ipaMigrationEnabled attribute is set
+ # Note that SSSD will force StartTLS because the channel is later used for
+ # authentication as well if password migration is enabled. Thus set the option
+ # unconditionally.
+ domain.set_option('ldap_tls_cacert', '/etc/ipa/ca.crt')
+
 if options.dns_updates:
 domain.set_option('ipa_dyndns_update', True)
 if options.krb5_offline_passwords: |
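Review bot: The added `domain.set_option('ldap_tls_cacert', '/etc/ipa/ca.crt')` makes a hard-coded file the trust anchor for the StartTLS channel that, per the comment, also carries authentication, yet nothing in the hunk confirms that the file exists or how it was provisioned. configure_sssd_conf starts and ends outside the hunk, so an earlier step may already cover this. If it does not, a guard before the option is written would surface a missing CA at install time rather than as an SSSD connection failure later, for example `if not os.path.isfile('/etc/ipa/ca.crt'): raise RuntimeError('IPA CA certificate not found')` (placeholder error handling, to be matched to the script's own convention). The path literal would also be better as one named constant, reused wherever the script writes or reads the CA file, so the trust anchor cannot drift between the download step and sssd.conf. It is worth documenting in the comment that the certificate must be root-owned and not writable by other users, since anyone who can replace it can impersonate the LDAP server to SSSD.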