diff options
-rw-r--r-- | install/updates/10-config.update | 4 | ||||
-rw-r--r-- | ipaserver/ipaldap.py | 2 |
2 files changed, 5 insertions, 1 deletions
diff --git a/install/updates/10-config.update b/install/updates/10-config.update index 97fbdef2d..ecddb812f 100644 --- a/install/updates/10-config.update +++ b/install/updates/10-config.update @@ -38,3 +38,7 @@ only:nsslapd-anonlimitsdn:'cn=anonymous-limits,cn=etc,$SUFFIX' # doesn't support it generates a non-fatal error. dn: cn=config add:nsslapd-defaultNamingContext:'$SUFFIX' + +# Allow the root DSE to be searched even with minssf set +dn: cn=config +only:nsslapd-minssf-exclude-rootdse:on diff --git a/ipaserver/ipaldap.py b/ipaserver/ipaldap.py index 8703b5e4b..7174072a6 100644 --- a/ipaserver/ipaldap.py +++ b/ipaserver/ipaldap.py @@ -540,7 +540,7 @@ class IPAdmin(IPAEntryLDAPObject): # Some attributes, like those in cn=config, need to be replaced # not deleted/added. - FORCE_REPLACE_ON_UPDATE_ATTRS = ('nsslapd-ssl-check-hostname', 'nsslapd-lookthroughlimit', 'nsslapd-idlistscanlimit', 'nsslapd-anonlimitsdn') + FORCE_REPLACE_ON_UPDATE_ATTRS = ('nsslapd-ssl-check-hostname', 'nsslapd-lookthroughlimit', 'nsslapd-idlistscanlimit', 'nsslapd-anonlimitsdn', 'nsslapd-minssf-exclude-rootdse') modlist = [] old_entry = ipautil.CIDict(old_entry) |