author | Alexander Bokovoy <abokovoy@redhat.com> | 2014-07-02 16:30:18 +0300 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2014-07-04 08:13:23 +0200 |
commit | a9fe37e0664079ad2da7b0d9b9b7c7e244a25bf9 (patch) | |
tree | 6f1b2e235ae7dfbce579e9dbf4367940e03a837f /ipaserver | |
parent | 76ec9384fb112ee528c5198af0261182f1ad049e (diff) | |

ipa-ldap-updater: make possible to use LDAPI with autobind in case of hardened LDAP configuration

When nsslapd-minssf is greater than 0, running as root
ipa-ldap-updater [-l]
will fail even if we force use of autobind for root over LDAPI.

The reason for this is that schema updater doesn't get ldapi flag passed and
attempts to connect to LDAP port instead and for hardened configurations
using simple bind over LDAP is not enough.

Additionally, report properly previously unhandled LDAP exceptions.

https://fedorahosted.org/freeipa/ticket/3468

Reviewed-By: Petr Spacek <pspacek@redhat.com>

Diffstat (limited to 'ipaserver')
-rw-r--r-- | ipaserver/install/ipa_ldap_updater.py | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/ipaserver/install/ipa_ldap_updater.py b/ipaserver/install/ipa_ldap_updater.py index fbbef142a..18970ce40 100644 --- a/ipaserver/install/ipa_ldap_updater.py +++ b/ipaserver/install/ipa_ldap_updater.py @@ -204,7 +204,8 @@ class LDAPUpdater_NonUpgrade(LDAPUpdater): modified = schemaupdate.update_schema( options.schema_files, dm_password=self.dirman_password, - live_run=not options.test) or modified + live_run=not options.test, + ldapi=options.ldapi) or modified if not self.files: self.files = ld.get_all_files(UPDATES_DIR) |
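
Review bot: the added `ldapi=options.ldapi` argument in the `schemaupdate.update_schema(...)` call is passed alongside the unchanged `dm_password=self.dirman_password`, and nothing visible here states which of the two takes effect when both are set, or what happens when `dm_password` is empty because root is relying on autobind. Suggest documenting that precedence in the `update_schema` docstring, or passing only the credential path that is actually in use. The diffstat for `ipaserver` lists only this file, so please also confirm that `update_schema` already accepts an `ldapi` keyword, otherwise this call raises a TypeError at runtime. The commit message also promises better reporting of previously unhandled LDAP exceptions, which does not appear in this hunk; that part should be reviewed wherever it lands.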