summaryrefslogtreecommitdiffstats
path: root/install/share/replica-s4u2proxy.ldif
diff options
context:
space:
mode:
Diffstat (limited to 'install/share/replica-s4u2proxy.ldif')
-rw-r--r--install/share/replica-s4u2proxy.ldif8
1 files changed, 5 insertions, 3 deletions
diff --git a/install/share/replica-s4u2proxy.ldif b/install/share/replica-s4u2proxy.ldif
index ce58365c5..98de46fa7 100644
--- a/install/share/replica-s4u2proxy.ldif
+++ b/install/share/replica-s4u2proxy.ldif
@@ -2,9 +2,11 @@ dn: cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,$SUFFIX
changetype: modify
add: memberPrincipal
memberPrincipal: HTTP/$FQDN@$REALM
--
-add: ipaAllowedTarget
-ipaAllowedTarget: 'cn=ipa-cifs-delegation-targets,cn=s4u2proxy,cn=etc,$SUFFIX'
+
+# ipa-cifs-delegation-targets needs to be an ipaAllowedTarget for HTTP
+# delegation but we don't add it here as an LDIF because this entry may
+# already exist from another replica, or previous install. If it is missing
+# then it will be caught by the update file 61-trusts-s4u2proxy.update
dn: cn=ipa-ldap-delegation-targets,cn=s4u2proxy,cn=etc,$SUFFIX
changetype: modify
generated by cgit (git 2.34.1) at 2024-06-22 18:05:12 +0000