diff options
| author | Alexander Bokovoy <abokovoy@redhat.com> | 2011-07-19 16:07:05 +0300 |
|---|---|---|
| committer | Rob Crittenden <rcritten@redhat.com> | 2011-07-18 19:42:04 -0400 |
| commit | 1b4aaf5756b490f5cacb89b4010d0d0803bfbf3d (patch) | |
| tree | 9e1277a817fb8468b5111d4ef9d9d754ff2753c7 /ipa-client | |
| parent | a00b03831b6a7ccb87d58c92c1072c586889508e (diff) | |
| download | freeipa-1b4aaf5756b490f5cacb89b4010d0d0803bfbf3d.tar.gz freeipa-1b4aaf5756b490f5cacb89b4010d0d0803bfbf3d.tar.xz freeipa-1b4aaf5756b490f5cacb89b4010d0d0803bfbf3d.zip | |
Fix sssd.conf to always have IPA certificate for the domain.
Fixes https://fedorahosted.org/freeipa/ticket/1476
SSSD will need TLS for checking if ipaMigrationEnabled attribute is set
Note that SSSD will force StartTLS because the channel is later used for
authentication as well if password migration is enabled. Thus set the option
unconditionally.
Diffstat (limited to 'ipa-client')
| -rwxr-xr-x | ipa-client/ipa-install/ipa-client-install | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install index 07459bfd6..4610583d7 100755 --- a/ipa-client/ipa-install/ipa-client-install +++ b/ipa-client/ipa-install/ipa-client-install @@ -550,6 +550,12 @@ def configure_sssd_conf(fstore, cli_realm, cli_domain, cli_server, options): domain.set_option('cache_credentials', True) + # SSSD will need TLS for checking if ipaMigrationEnabled attribute is set + # Note that SSSD will force StartTLS because the channel is later used for + # authentication as well if password migration is enabled. Thus set the option + # unconditionally. + domain.set_option('ldap_tls_cacert', '/etc/ipa/ca.crt') + if options.dns_updates: domain.set_option('ipa_dyndns_update', True) if options.krb5_offline_passwords: |