summaryrefslogtreecommitdiffstats
path: root/ipaserver/install/dsinstance.py
diff options
context:
space:
mode:
authorSimo Sorce <ssorce@redhat.com>2011-01-19 15:17:25 -0500
committerSimo Sorce <ssorce@redhat.com>2011-01-20 15:49:30 -0500
commit861aa9c1b8ddf757b358f3a66e3ca57d4cc05b4c (patch)
tree50e0025b2cdc32721bca357102daf4935e712c01 /ipaserver/install/dsinstance.py
parent5af80a7583edfd0061a70abde4868d4582247608 (diff)
downloadfreeipa-861aa9c1b8ddf757b358f3a66e3ca57d4cc05b4c.zip
freeipa-861aa9c1b8ddf757b358f3a66e3ca57d4cc05b4c.tar.gz
freeipa-861aa9c1b8ddf757b358f3a66e3ca57d4cc05b4c.tar.xz
Allow SASL/EXTERNAL authentication for the root user
This gives the root user low privileges so that when anonymous searches are denied the init scripts can still search the directory via ldapi to get the list of serevices to start. Fixes: https://fedorahosted.org/freeipa/ticket/795
Diffstat (limited to 'ipaserver/install/dsinstance.py')
-rw-r--r--ipaserver/install/dsinstance.py5
1 files changed, 5 insertions, 0 deletions
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index 859d5c8..378e012 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -207,6 +207,7 @@ class DsInstance(service.Service):
self.step("creating indices", self.__create_indices)
self.step("configuring ssl for ds instance", self.__enable_ssl)
self.step("configuring certmap.conf", self.__certmap_conf)
+ self.step("configure autobind for root", self.__root_autobind)
self.step("restarting directory server", self.__restart_instance)
def __common_post_setup(self):
@@ -728,3 +729,7 @@ class DsInstance(service.Service):
def __tuning(self):
self.tune_nofile(8192)
+
+ def __root_autobind(self):
+ self._ldap_mod("root-autobind.ldif")
+