The following code in ipaserver/install/dogtaginstance.py adds redundant parameters into PKI's CS.cfg:
{{{
def enable_client_auth_to_db(self, config):
    installutils.set_directive(
        config,
        'authz.instance.DirAclAuthz.ldap.ldapauth.bindDN',
        'uid=pkidbuser,ou=people,o=ipaca',
        quotes=False, separator='=')
    installutils.set_directive(
        config,
        'internaldb.ldapauth.bindDN',
        'uid=pkidbuser,ou=people,o=ipaca',
        quotes=False, separator='=')
}}}
Bind DN is not used for client certificate authentication, so they can be safely removed.
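A way to check an existing CS.cfg for the redundancy described above, as an added example that is not part of the ticket or of FreeIPA/PKI code. It assumes a sibling `<prefix>.authtype` key with the value `SslClientAuth` marks certificate authentication (that key is not shown in the ticket); the sample file and its `example.ldapauth` section are constructed.

```python
# Added example: audit a Dogtag CS.cfg for bindDN directives that are
# redundant because the same LDAP section authenticates with a client cert.
# Assumption: the sibling "<prefix>.authtype" key with value "SslClientAuth"
# marks certificate authentication; that key is not shown in the ticket.

SAMPLE_CS_CFG = """\
# constructed sample, not taken from a real deployment
authz.instance.DirAclAuthz.ldap.ldapauth.authtype=SslClientAuth
authz.instance.DirAclAuthz.ldap.ldapauth.bindDN=uid=pkidbuser,ou=people,o=ipaca
internaldb.ldapauth.authtype=SslClientAuth
internaldb.ldapauth.bindDN=uid=pkidbuser,ou=people,o=ipaca
internaldb.ldapconn.port=636
example.ldapauth.authtype=BasicAuth
example.ldapauth.bindDN=cn=Directory Manager
"""


def parse_cs_cfg(text):
    """Parse key=value lines; split on the first '=' only, since DNs contain '='."""
    directives = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        directives[key.strip()] = value.strip()
    return directives


def redundant_bind_dns(directives):
    """Return sorted bindDN keys whose section uses client certificate auth."""
    found = []
    for key in directives:
        prefix, _, leaf = key.rpartition(".")
        if leaf != "bindDN" or not prefix.endswith("ldapauth"):
            continue
        # A password-style bind (hypothetical "example" section) still needs its DN.
        if directives.get(prefix + ".authtype", "").lower() == "sslclientauth":
            found.append(key)
    return sorted(found)


if __name__ == "__main__":
    for key in redundant_bind_dns(parse_cs_cfg(SAMPLE_CS_CFG)):
        print("redundant:", key)
```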
When I tested the WIP patch, I received the following error during ipa-kra-install (pki-tomcat/CA/debug log).
I have to test it more to see whether it is caused by removing bindDN or by something else.
{{{
Internal Database Error encountered: Could not connect to LDAP server host replica2.ipa.test port 636 Error netscape.ldap.LDAPException: Authentication failed (48)
}}}
Replying to [comment:3 mbasti]:
When I tested the WIP patch, I received the following error during ipa-kra-install (pki-tomcat/CA/debug log). I have to test it more to see whether it is caused by removing bindDN or by something else.
{{{
Internal Database Error encountered: Could not connect to LDAP server host replica2.ipa.test port 636 Error netscape.ldap.LDAPException: Authentication failed (48)
}}}
This issue is not related to this ticket. (caused by: https://fedorahosted.org/pki/ticket/2226)
master:
ipa-4-3:
Metadata Update from @edewata: - Issue assigned to mbasti - Issue set to the milestone: FreeIPA 4.3.1