mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-30 10:47:08 -06:00
00abd47de4
Enforce that the remote hostname matches the remote SSL server certificate when 389-ds operates as an SSL client. Also add an update file to turn this off for existing installations. This also changes the way the ldapupdater modlist is generated to be more like the framework. Single-value attributes are done as replacements and there is a list of force-replacement attributes. ticket 1069
6 lines
209 B
Plaintext
6 lines
209 B
Plaintext
# Enforce matching SSL certificate host names when 389-ds acts as an SSL
|
|
# client. A restart is necessary for this to take effect, we do one when
|
|
# upgrading.
|
|
dn: cn=config
|
|
only:nsslapd-ssl-check-hostname: on
|