#3582 ipa-client-install removes needed options from ldap.conf
Closed: Fixed None Opened 10 years ago by rcritten.

Ticket was cloned from Red Hat Bugzilla (product Fedora): Bug 953991

ipa-client-install writes out a custom ldap.conf. We've been using the
SASL_NOCANON option in ldap.conf to unbreak broken upstream defaults. See:

https://bugzilla.redhat.com/show_bug.cgi?id=949864

Ideally we can eventually get a sane default upstream. But either
ipa-client-install should keep settings in ldap.conf, or include
'SASL_NOCANON on'

Also see related upstream ticket #3447. This one complains about removing TLS_CACERTDIR. We should fix it too.

We are going to need to investigate the policy issues associated with this file. What do we do if another LDAP server is already configured? Leave it, replace it or quit the installer?

This can take place in the context of both a client and server install. In the case of a server installation this happens at the very end, so rolling back would be painful.

One option is to loudly exclaim that we have replaced the LDAP configuration if/when that happens.

Metadata Update from @rcritten:
- Issue assigned to tbabej
- Issue set to the milestone: FreeIPA 3.2 - 2013/04-05 (GA)

7 years ago
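
An added example, not FreeIPA's code or the fix applied for this ticket: one way an installer could set only the options it owns in ldap.conf, keep lines such as SASL_NOCANON and TLS_CACERTDIR, and report what it replaced so the change can be announced loudly. The managed option set (URI, BASE, TLS_CACERT), the function name and all sample values are assumptions constructed for illustration.

```python
def merge_ldap_conf(existing, managed):
    """Return (new_text, changes); only options named in `managed` are rewritten."""
    # ldap.conf option names are case-insensitive, so compare in upper case.
    wanted = {name.upper(): (name, value) for name, value in managed.items()}
    seen, out, changes = set(), [], []
    for line in existing.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            out.append(line)                 # keep comments and blank lines
            continue
        parts = stripped.split(None, 1)
        key = parts[0].upper()               # whole token: TLS_CACERTDIR != TLS_CACERT
        if key not in wanted:
            out.append(line)                 # unmanaged option, e.g. SASL_NOCANON
            continue
        if key in seen:
            continue                         # drop later duplicates of a managed option
        seen.add(key)
        name, value = wanted[key]
        old = parts[1].strip() if len(parts) > 1 else ""
        if old != value:
            changes.append((name, old, value))
        out.append(f"{name} {value}")
    for key, (name, value) in wanted.items():
        if key not in seen:                  # managed option was absent: append it
            out.append(f"{name} {value}")
    return "\n".join(out) + "\n", changes


# Constructed sample: a host already configured for another LDAP server.
SAMPLE = """# constructed sample ldap.conf
URI ldap://old.example.test
BASE dc=old,dc=test
TLS_CACERTDIR /etc/openldap/certs
SASL_NOCANON on
"""
# Assumed set of installer-managed options; values are placeholders.
MANAGED = {"URI": "ldaps://ipa.example.test",
           "BASE": "dc=example,dc=test",
           "TLS_CACERT": "/etc/ipa/ca.crt"}

if __name__ == "__main__":
    text, changes = merge_ldap_conf(SAMPLE, MANAGED)
    for name, old, new in changes:
        print(f"WARNING: replaced {name} '{old}' with '{new}' in ldap.conf")
    print(text, end="")
```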
