#3891 Specify the SASL mechanism explicitly when doing updates in ipa-adtrust-install
Closed: Duplicate None Opened 7 years ago by tbabej.

The default mech is EXTERNAL and in ipa-adtrust-install the root user is mapped to the directory manager which does have permissions to modify cn=config.

However, if the user has configured SASL_MECH configuration option, e.g. to 'SASL_MECH GSSAPI', we will bind as admin user, which does not have the permissions to modify cn=config.


This can be reproduced creating a /root/.ldaprc file with the following content

SASL_MECH GSSAPI

Metadata Update from @tbabej:
- Issue assigned to someone
- Issue set to the milestone: 0.0 NEEDS_TRIAGE

4 years ago

Login to comment on this ticket.

Metadata