#4 Need way to update DS without requiring DM password
Closed: Fixed None Opened 11 years ago by rcritten.

The upgrade process for IPA needs to be seamless and not require user intervention. For this reason we need a way to apply LDAP changes without prompting for the Directory Manager password.

Alternatives include:

  • Use the 389-ds upgrade schema, setup-ds.pl -u
  • Write an LDIF handler for ipa-ldap-update to do offline updates
  • Turn off the 389-ds listeners and do online updates over ldapi

I've decided to go with updating over ldapi and disabling the TCP listeners. I will also enable autobind so if we are root we'll bind over ldapi as DM and have full access without requiring a password.

Metadata Update from @rcritten:
- Issue assigned to rcritten
- Issue set to the milestone: FreeIPA 2.0 - 2010/06

4 years ago

Login to comment on this ticket.