#2957 [RFE] ipa-dns-install and other tools do not need DM password
Closed: Fixed None Opened 7 years ago by mkosek.

This ticket is a follow-up to #2815. As root user privileges are required to run ipa-dns-install, we do not need to require the Directory Manager password to do the changes in LDAP, but we could simply use autobind.

We should also audit other local management tools, like ipa-nis-manage or ipa-compat-manage, and check if they really need to use the DM password. In most cases, autobind when run as root would make using them more convenient.

Detailed discussion can be found on freeipa-devel list in the following message:


Changing 3.2 priority


  • 7b6bee0 ipa-dns-install: use STARTTLS to connect to DS
  • 26d6c6f ipa-dns-install: use LDAPI to connect to DS


  • 41ca3fb ipa-dns-install: use STARTTLS to connect to DS

Metadata Update from @mkosek:
- Issue assigned to rcritten
- Issue set to the milestone: Future Releases

2 years ago
