IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Fix sssd.conf to always have IPA certificate for the domain.

Browse Source 
Fixes https://fedorahosted.org/freeipa/ticket/1476

SSSD will need TLS for checking if ipaMigrationEnabled attribute is set
Note that SSSD will force StartTLS because the channel is later used for
authentication as well if password migration is enabled. Thus set the option
unconditionally.
This commit is contained in:
Alexander Bokovoy 2011-07-19 16:07:05 +03:00 committed by Rob Crittenden
parent a00b03831b
commit 1b4aaf5756
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ipa-client/ipa-install/ipa-client-install
View File

@ -550,6 +550,12 @@ def configure_sssd_conf(fstore, cli_realm, cli_domain, cli_server, options):
domain.set_option('cache_credentials', True)
# SSSD will need TLS for checking if ipaMigrationEnabled attribute is set
# Note that SSSD will force StartTLS because the channel is later used for
# authentication as well if password migration is enabled. Thus set the option
# unconditionally.
domain.set_option('ldap_tls_cacert', '/etc/ipa/ca.crt')
if options.dns_updates:
domain.set_option('ipa_dyndns_update', True)
if options.krb5_offline_passwords: