Set nsslapd-minssf-exclude-rootdse to on so the DSE is always available.

If minssf is set in configuration and this is not set then clients won't be able to detect the available namingContexts, defaultNamingContext, capabilities, etc. https://fedorahosted.org/freeipa/ticket/2542
author: Rob Crittenden <rcritten@redhat.com> 2012-03-22 17:19:01 -0400
committer: Martin Kosek <mkosek@redhat.com> 2012-03-26 14:26:10 +0200
commit: a735420a9ba3d507855a75a1a48f79a2358c7081 (patch)
tree: b063bea16f4af55832c9ee794efb50a3b2e300a5 /install
parent: 00ce15b7442914be859c9e0912d0d02a836fe649 (diff)
download: freeipa-a735420a9ba3d507855a75a1a48f79a2358c7081.tar.gz
freeipa-a735420a9ba3d507855a75a1a48f79a2358c7081.tar.xz
freeipa-a735420a9ba3d507855a75a1a48f79a2358c7081.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/install/updates/10-config.update b/install/updates/10-config.update
index 97fbdef2d..ecddb812f 100644
--- a/install/updates/10-config.update
+++ b/install/updates/10-config.update
@@ -38,3 +38,7 @@ only:nsslapd-anonlimitsdn:'cn=anonymous-limits,cn=etc,$SUFFIX'
 # doesn't support it generates a non-fatal error.
 dn: cn=config
 add:nsslapd-defaultNamingContext:'$SUFFIX'
+
+# Allow the root DSE to be searched even with minssf set
+dn: cn=config
+only:nsslapd-minssf-exclude-rootdse:on
author	Rob Crittenden <rcritten@redhat.com>	2012-03-22 17:19:01 -0400
committer	Martin Kosek <mkosek@redhat.com>	2012-03-26 14:26:10 +0200
commit	a735420a9ba3d507855a75a1a48f79a2358c7081 (patch)
tree	b063bea16f4af55832c9ee794efb50a3b2e300a5 /install
parent	00ce15b7442914be859c9e0912d0d02a836fe649 (diff)
download	freeipa-a735420a9ba3d507855a75a1a48f79a2358c7081.tar.gz freeipa-a735420a9ba3d507855a75a1a48f79a2358c7081.tar.xz freeipa-a735420a9ba3d507855a75a1a48f79a2358c7081.zip