Bug 825391 - [RFE] Replica installation should provide a means for inheriting nssldap security access settings
[RFE] Replica installation should provide a means for inheriting nssldap secu...
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa (Show other bugs)
Unspecified Unspecified
high Severity unspecified
: rc
: ---
Assigned To: Martin Bašti
Marc Muehlfeld
: FutureFeature
Depends On:
  Show dependency treegraph
Reported: 2012-05-25 17:09 EDT by Dmitri Pal
Modified: 2016-11-04 01:43 EDT (History)
5 users (show)

See Also:
Fixed In Version: ipa-4.4.0-0.el7.1.alpha1
Doc Type: Enhancement
Doc Text:
IdM now supports setting individual Directory Server options during server or replica installation The Identity Management (IdM) "ipa-server-install" and "ipa-replica-install" commands have been enhanced. The new "--dirsrv-config-file" parameter enables the administrator to change default Directory Server settings used during and after the IdM installation. For example, to disable secure LDAP binds in the mentioned situation: Create a text file with the setting in LDIF format: dn: cn=config changetype: modify replace: nsslapd-require-secure-binds nsslapd-require-secure-binds: off Start the IdM server installation by passing the "--dirsrv-config-file" parameter and file to the installation script: # ipa-server-install --dirsrv-config-file filename.ldif
Story Points: ---
Clone Of:
Last Closed: 2016-11-04 01:43:01 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
console output with verification steps (23.00 KB, text/plain)
2016-09-15 13:01 EDT, Kaleem
no flags Details

  None (edit)
Description Dmitri Pal 2012-05-25 17:09:35 EDT
This bug is created as a clone of upstream ticket:

Anonymous access is a setting that makes sense to have a global default during the installation of additional replicas.

Let ipa-replica-prepare add an option in a file that we read in ipa-replica-install.
If the option is present the install will turn off anonymous access during install.
Comment 1 RHEL Product and Program Management 2012-07-10 03:12:52 EDT
This request was not resolved in time for the current release.
Red Hat invites you to ask your support representative to
propose this request, if still desired, for consideration in
the next release of Red Hat Enterprise Linux.
Comment 2 RHEL Product and Program Management 2012-07-10 19:27:58 EDT
This request was erroneously removed from consideration in Red Hat Enterprise Linux 6.4, which is currently under development.  This request will be evaluated for inclusion in Red Hat Enterprise Linux 6.4.
Comment 6 Martin Bašti 2015-10-15 14:13:54 EDT
How to use:

# cat update.ldif
dn: cn=config
changetype: modify
replace: nsslapd-allow-unauthenticated-binds
nsslapd-allow-unauthenticated-binds: off
replace: nsslapd-require-secure-binds
nsslapd-require-secure-binds: off
replace: nsslapd-allow-anonymous-access
nsslapd-allow-anonymous-access: off
replace: nsslapd-minssf
nsslapd-minssf: 0

# ipa-{server,replica}-install --dirsrv-config-mods=update.ldif
Comment 7 Martin Bašti 2015-10-19 08:21:56 EDT
Fixed upstream

Option --dirsrv-config-mods  has been renamed to  --dirsrv-config-file
Comment 8 Mike McCune 2016-03-28 19:03:07 EDT
This bug was accidentally moved from POST to MODIFIED via an error in automation, please see mmccune@redhat.com with any questions
Comment 10 Kaleem 2016-09-15 12:59:31 EDT

IPA Version:
[root@dhcp207-130 ~]# rpm -q ipa-server
[root@dhcp207-130 ~]# 

Please find the attached file for console output of 4 scenarios which have been executed for this.
Comment 11 Kaleem 2016-09-15 13:01 EDT
Created attachment 1201323 [details]
console output with verification steps
Comment 16 errata-xmlrpc 2016-11-04 01:43:01 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.