#5298 dogtaginstance.py adds redundant parameters
Closed: Fixed None Opened 6 years ago by edewata.

The following code in ipaserver/install/dogtaginstance.py adds redundant parameters into PKI's CS.cfg:

{{{
def enable_client_auth_to_db(self, config):

    installutils.set_directive(
        config,
        'authz.instance.DirAclAuthz.ldap.ldapauth.bindDN',
        'uid=pkidbuser,ou=people,o=ipaca', quotes=False, separator='=')

    installutils.set_directive(
        config,
        'internaldb.ldapauth.bindDN',
        'uid=pkidbuser,ou=people,o=ipaca', quotes=False, separator='=')
}}}

The bind DN is not used for client certificate authentication, so these parameters can be safely removed.
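
A check for the leftover directives this ticket describes, as an added example that is not part of the ticket or of the FreeIPA code base: it scans CS.cfg-style text and reports `bindDN` directives in sections that authenticate with a client certificate. The `authtype` key, its `SslClientAuth` and `BasicAuth` values, and the `<section>=<other>` indirection are assumptions about the CS.cfg layout that the ticket does not show; the sample config is constructed.

```python
import re

# Assumptions (not on the page): "<section>.ldapauth.authtype" set to
# "SslClientAuth" selects certificate auth, and "<section>=<other>" makes a
# section reuse another section's LDAP settings.
CERT_AUTHTYPE = "SslClientAuth"
BIND_DN_RE = re.compile(r"^(?P<section>.+)\.ldapauth\.bindDN$")


def parse_directives(text):
    """Return [(lineno, key, value)] for each key=value line of CS.cfg text."""
    found = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)  # DN values contain '=' too
            found.append((lineno, key.strip(), value.strip()))
    return found


def redundant_bind_dns(text):
    """Return [(lineno, key)] of bindDN directives ignored under cert auth."""
    directives = parse_directives(text)
    values = {key: value for _, key, value in directives}  # last value wins
    findings = []
    for lineno, key, _ in directives:
        match = BIND_DN_RE.match(key)
        if not match:
            continue
        section = match.group("section")
        section = values.get(section, section)  # follow "<section>=<other>"
        if values.get(section + ".ldapauth.authtype") == CERT_AUTHTYPE:
            findings.append((lineno, key))
    return findings


# Constructed sample, not a real CS.cfg; the "example" section is hypothetical.
SAMPLE_CS_CFG = """\
authz.instance.DirAclAuthz.ldap=internaldb
authz.instance.DirAclAuthz.ldap.ldapauth.bindDN=uid=pkidbuser,ou=people,o=ipaca
internaldb.ldapauth.authtype=SslClientAuth
internaldb.ldapauth.bindDN=uid=pkidbuser,ou=people,o=ipaca
example.ldapauth.authtype=BasicAuth
example.ldapauth.bindDN=cn=Directory Manager
"""

if __name__ == "__main__":
    for lineno, key in redundant_bind_dns(SAMPLE_CS_CFG):
        print(f"line {lineno}: {key} is unused with {CERT_AUTHTYPE}")
```

The section that still uses password-based binding keeps its `bindDN`, so only directives that have no effect are reported.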


When I tested the WIP patch, I received the following error during ipa-kra-install (pki-tomcat/CA/debug log).

I have to test it more to see whether it is caused by removing bindDN or by something else.

{{{
Internal Database Error encountered: Could not connect to LDAP server host replica2.ipa.test port 636 Error netscape.ldap.LDAPException: Authentication failed (48)
}}}

Replying to [comment:3 mbasti]:

> When I tested the WIP patch, I received the following error during ipa-kra-install (pki-tomcat/CA/debug log).
>
> I have to test it more to see whether it is caused by removing bindDN or by something else.
>
> {{{
> Internal Database Error encountered: Could not connect to LDAP server host replica2.ipa.test port 636 Error netscape.ldap.LDAPException: Authentication failed (48)
> }}}

This issue is not related to this ticket. (caused by: https://fedorahosted.org/pki/ticket/2226)

master:

  • 0cb870e Remove redundant parameters from CS.cfg in dogtaginstance

ipa-4-3:

  • beb2b4c Remove redundant parameters from CS.cfg in dogtaginstance

Metadata Update from @edewata:
- Issue assigned to mbasti
- Issue set to the milestone: FreeIPA 4.3.1

5 years ago
