mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-02-25 18:55:28 -06:00
d0587cbdd5
This will create a host service principal and may create a host entry (for admins). A keytab will be generated, by default in /etc/krb5.keytab If no kerberos credentails are available then enrollment over LDAPS is used if a password is provided. This change requires that openldap be used as our C LDAP client. It is much easier to do SSL using openldap than mozldap (no certdb required). Otherwise we'd have to write a slew of extra code to create a temporary cert database, import the CA cert, ...
The update files are sorted before being processed because there are cases where order matters (such as getting schema added first, creating parent entries, etc). 10 - 20: Schema 20 - 30: FDS Configuration, new indices 30 - 40: Structual elements of the DIT 40 - 50: Pre-loaded data