From f5e5bf8f82ba2051ace5fc5f29d7bf25631e0a2c Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Wed, 7 Mar 2012 17:59:19 -0500
Subject: Fix nsslapd-anonlimitsdn dn in cn=config

The dn value needs to be quoted otherwise it is interpreted to be a
multi-value.

This will replace whatever value is currently set.

https://fedorahosted.org/freeipa/ticket/2452
---
 ipaserver/ipaldap.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'ipaserver')

diff --git a/ipaserver/ipaldap.py b/ipaserver/ipaldap.py
index 745bb777..8703b5e4 100644
--- a/ipaserver/ipaldap.py
+++ b/ipaserver/ipaldap.py
@@ -540,7 +540,7 @@ class IPAdmin(IPAEntryLDAPObject):
 
         # Some attributes, like those in cn=config, need to be replaced
         # not deleted/added.
-        FORCE_REPLACE_ON_UPDATE_ATTRS = ('nsslapd-ssl-check-hostname', 'nsslapd-lookthroughlimit', 'nsslapd-idlistscanlimit')
+        FORCE_REPLACE_ON_UPDATE_ATTRS = ('nsslapd-ssl-check-hostname', 'nsslapd-lookthroughlimit', 'nsslapd-idlistscanlimit', 'nsslapd-anonlimitsdn')
         modlist = []
 
         old_entry = ipautil.CIDict(old_entry)
-- 
cgit