The upgrade process for IPA needs to be seamless and not require user intervention. For this reason we need a way to apply LDAP changes without prompting for the Directory Manager password.
I've decided to go with updating over ldapi and disabling the TCP listeners. I will also enable autobind so if we are root we'll bind over ldapi as DM and have full access without requiring a password.
Metadata Update from @rcritten:
- Issue assigned to rcritten
- Issue set to the milestone: FreeIPA 2.0 - 2010/06
to comment on this ticket.