diff options
-rw-r--r-- | install/share/replica-s4u2proxy.ldif | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/install/share/replica-s4u2proxy.ldif b/install/share/replica-s4u2proxy.ldif index ce58365c5..98de46fa7 100644 --- a/install/share/replica-s4u2proxy.ldif +++ b/install/share/replica-s4u2proxy.ldif @@ -2,9 +2,11 @@ dn: cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,$SUFFIX changetype: modify add: memberPrincipal memberPrincipal: HTTP/$FQDN@$REALM -- -add: ipaAllowedTarget -ipaAllowedTarget: 'cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,$SUFFIX' + +# ipa-cifs-delegation-targets needs to be an ipaAllowedTarget for HTTP +# delegation but we don't add it here as an LDIF because this entry may +# already exist from another replica, or previous install. If it is missing +# then it will be caught by the update file 61-trusts-s4u2proxy.update dn: cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,$SUFFIX changetype: modify |