IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2024-12-23 07:33:27 -06:00
Code Issues Packages Projects Releases Wiki Activity
294aa3a333
freeipa/install
History
Alexander Bokovoy 294aa3a333 Revert "Require a minimum SASL security factor of 56" 
This reverts commit 3509545897.

We cannot force increase in minimum SASL security factor until our
consumers are ready to deal with it. Unfortunately, realmd uses
anonymous connection for discovery and validation of IPA LDAP server.

The way it is done is fragile (it doesn't take into account an
advertised IPA version, only checks that 'IPA' string exists in the info
field) but since bumping of minimum SSF prevents reading IPA info field
using anonymous connection, client enrollment fails.

We should get back to bumping minimum SSF after realmd and other
potential consumers are fixed.

Reviewed-By: François Cami <fcami@redhat.com>
2019-05-02 11:39:23 +02:00
..
certmonger Generate scripts from templates 2018-08-23 14:49:06 +02:00
custodia Move Custodia secrets handler to scripts 2019-04-26 12:09:22 +02:00
html Fix javascript 'errors' found by jslint 2018-09-27 16:33:25 +02:00
migration Use new LDAPClient constructors 2019-02-05 08:39:13 -05:00
oddjob Debian: auto-generate config files for oddjobd 2019-04-24 14:08:20 +02:00
restart_scripts Generate scripts from templates 2018-08-23 14:49:06 +02:00
share Revert "Require a minimum SASL security factor of 56" 2019-05-02 11:39:23 +02:00
tools ipactl restart: fix wrong logic when checking service list 2019-04-26 17:26:00 +02:00
ui Debian: use -m lesscpy instead of hard-coded name 2019-04-24 14:08:20 +02:00
updates upgrade: add trust upgrade to actual upgrade code 2019-03-28 14:08:19 +01:00
wsgi Add absolute_import future imports 2018-04-20 09:43:37 +02:00
Makefile.am Move Custodia secrets handler to scripts 2019-04-26 12:09:22 +02:00
README.schema Add some basic rules for adding new schema 2010-08-27 13:40:37 -04:00

README.schema 

Ground rules on adding new schema

Brand new schema, particularly when written specifically for IPA, should be
added in share/*.ldif. Any new files need to be explicitly loaded in
ipaserver/install/dsinstance.py. These simply get copied directly into
the new instance schema directory.

Existing schema (e.g. in an LDAP draft) may either be added as a separate
ldif in share or as an update in the updates directory. The advantage of
adding the schema as an update is if 389-ds ever adds the schema then the
installation won't fail due to existing schema failing to load during
bootstrap.

If the new schema requires a new container then this should be added
to install/bootstrap-template.ldif.