Bug 825391
| Summary: | [RFE] Replica installation should provide a means for inheriting nssldap security access settings | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Dmitri Pal <dpal> | ||||
| Component: | ipa | Assignee: | Martin Bašti <mbasti> | ||||
| Status: | CLOSED ERRATA | QA Contact: | IDM QE LIST <seceng-idm-qe-list> | ||||
| Severity: | unspecified | Docs Contact: | Marc Muehlfeld <mmuehlfe> | ||||
| Priority: | high | ||||||
| Version: | 7.0 | CC: | jgalipea, ksiddiqu, mbasti, mkosek, nsoman | ||||
| Target Milestone: | rc | Keywords: | FutureFeature | ||||
| Target Release: | --- | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | ipa-4.4.0-0.el7.1.alpha1 | Doc Type: | Enhancement | ||||
| Doc Text: |
IdM now supports setting individual Directory Server options during server or replica installation
The Identity Management (IdM) "ipa-server-install" and "ipa-replica-install" commands have been enhanced. The new "--dirsrv-config-file" parameter enables the administrator to change default Directory Server settings used during and after the IdM installation. For example, to disable secure LDAP binds in the mentioned situation:
Create a text file with the setting in LDIF format:
dn: cn=config
changetype: modify
replace: nsslapd-require-secure-binds
nsslapd-require-secure-binds: off
Start the IdM server installation by passing the "--dirsrv-config-file" parameter and file to the installation script:
# ipa-server-install --dirsrv-config-file filename.ldif
|
Story Points: | --- | ||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2016-11-04 05:43:01 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
|
Description
Dmitri Pal
2012-05-25 21:09:35 UTC
This request was not resolved in time for the current release. Red Hat invites you to ask your support representative to propose this request, if still desired, for consideration in the next release of Red Hat Enterprise Linux. This request was erroneously removed from consideration in Red Hat Enterprise Linux 6.4, which is currently under development. This request will be evaluated for inclusion in Red Hat Enterprise Linux 6.4. Settings are not inherited, but a user can specify modifications in ldif file that will be used during and after server/replica installation Fixed upstream master: https://fedorahosted.org/freeipa/changeset/63638ac9a32b528677694b438b276812e75917c4 https://fedorahosted.org/freeipa/changeset/65c89cc711331e5ae97f95b1f39190be1e9fdc3c https://fedorahosted.org/freeipa/changeset/ae23432ef520850de820aff099679f3f639d1d2f https://fedorahosted.org/freeipa/changeset/5233165ce7062bb7aa649bf95a029103c375207b How to use:
# cat update.ldif
dn: cn=config
changetype: modify
replace: nsslapd-allow-unauthenticated-binds
nsslapd-allow-unauthenticated-binds: off
-
replace: nsslapd-require-secure-binds
nsslapd-require-secure-binds: off
-
replace: nsslapd-allow-anonymous-access
nsslapd-allow-anonymous-access: off
-
replace: nsslapd-minssf
nsslapd-minssf: 0
# ipa-{server,replica}-install --dirsrv-config-mods=update.ldif
Fixed upstream master: https://fedorahosted.org/freeipa/changeset/f4c8c93e7092b341c3ed2e04553dd5afbcc44dc5 Option --dirsrv-config-mods has been renamed to --dirsrv-config-file This bug was accidentally moved from POST to MODIFIED via an error in automation, please see mmccune with any questions Verified. IPA Version: ============ [root@dhcp207-130 ~]# rpm -q ipa-server ipa-server-4.4.0-11.el7.x86_64 [root@dhcp207-130 ~]# Please find the attached file for console output of 4 scenarios which have been executed for this. Created attachment 1201323 [details]
console output with verification steps
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2016-2404.html |