summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--install/updates/10-config.update4
-rw-r--r--ipaserver/ipaldap.py2
2 files changed, 5 insertions, 1 deletions
diff --git a/install/updates/10-config.update b/install/updates/10-config.update
index 97fbdef2d..ecddb812f 100644
--- a/install/updates/10-config.update
+++ b/install/updates/10-config.update
@@ -38,3 +38,7 @@ only:nsslapd-anonlimitsdn:'cn=anonymous-limits,cn=etc,$SUFFIX'
# doesn't support it generates a non-fatal error.
dn: cn=config
add:nsslapd-defaultNamingContext:'$SUFFIX'
+
+# Allow the root DSE to be searched even with minssf set
+dn: cn=config
+only:nsslapd-minssf-exclude-rootdse:on
diff --git a/ipaserver/ipaldap.py b/ipaserver/ipaldap.py
index 8703b5e4b..7174072a6 100644
--- a/ipaserver/ipaldap.py
+++ b/ipaserver/ipaldap.py
@@ -540,7 +540,7 @@ class IPAdmin(IPAEntryLDAPObject):
# Some attributes, like those in cn=config, need to be replaced
# not deleted/added.
- FORCE_REPLACE_ON_UPDATE_ATTRS = ('nsslapd-ssl-check-hostname', 'nsslapd-lookthroughlimit', 'nsslapd-idlistscanlimit', 'nsslapd-anonlimitsdn')
+ FORCE_REPLACE_ON_UPDATE_ATTRS = ('nsslapd-ssl-check-hostname', 'nsslapd-lookthroughlimit', 'nsslapd-idlistscanlimit', 'nsslapd-anonlimitsdn', 'nsslapd-minssf-exclude-rootdse')
modlist = []
old_entry = ipautil.CIDict(old_entry)
generated by cgit (git 2.34.1) at 2024-06-07 22:39:05 +0000