Diffstat (limited to 'ipa-client/ipa-install/ipa-client-install')
-rwxr-xr-xipa-client/ipa-install/ipa-client-install6
1 files changed, 6 insertions, 0 deletions
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index 07459bfd6..4610583d7 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -550,6 +550,12 @@ def configure_sssd_conf(fstore, cli_realm, cli_domain, cli_server, options):
domain.set_option('cache_credentials', True)
+ # SSSD will need TLS for checking if ipaMigrationEnabled attribute is set
+ # Note that SSSD will force StartTLS because the channel is later used for
+ # authentication as well if password migration is enabled. Thus set the option
+ # unconditionally.
+ domain.set_option('ldap_tls_cacert', '/etc/ipa/ca.crt')
+
if options.dns_updates:
domain.set_option('ipa_dyndns_update', True)
if options.krb5_offline_passwords:
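Review bot: The added `domain.set_option('ldap_tls_cacert', '/etc/ipa/ca.crt')` makes that file the trust anchor for SSSD's LDAP TLS connection, but nothing visible in the hunk shows that the file exists at this point or how it was obtained. If the installer fetches the certificate earlier over a channel that is not itself authenticated, the StartTLS verification described in the comment is only as strong as that fetch, so the comment should state the precondition, for example `# /etc/ipa/ca.crt must already be installed and verified here; SSSD's server certificate check depends on it.` The path is also a bare string literal; if the script writes the same file elsewhere (not visible here), a shared module-level constant would keep the two in sync. The body of configure_sssd_conf starts and ends outside the hunk, so any existing check is not visible from here.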