Anonymous access is a setting for which it makes sense to have a global default during the installation of additional replicas.
Let ipa-replica-prepare add an option in a file that we read in ipa-replica-install. If the option is present, the install will turn off anonymous access during install.
JR, would you be able to pull it off in Oct for 3.0?
Simo had originally asked me to open this ticket for him as he was working on something connected.
JR, we are considering deferring this till later. Are you OK with this?
JR, we defer it until you have time to do the work.
attachment freeipa-jraquino-0043-Inherit-nssldap-security-access-settings-during-replia-install.patch
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=825391
Moving to next month's iteration.
Patch was nacked looong time ago (http://www.redhat.com/archives/freeipa-devel/2012-February/msg00601.html), removing patch on review flag.
I am working on a similar ticket, #4949, that also resolves this ticket. I'm taking ownership of this ticket.
The patchset allows updating the configuration of DS at the start of the directory server install.
master:
How to use:
    # cat update.ldif
    dn: cn=config
    changetype: modify
    replace: nsslapd-allow-unauthenticated-binds
    nsslapd-allow-unauthenticated-binds: off
    -
    replace: nsslapd-require-secure-binds
    nsslapd-require-secure-binds: off
    -
    replace: nsslapd-allow-anonymous-access
    nsslapd-allow-anonymous-access: off
    -
    replace: nsslapd-minssf
    nsslapd-minssf: 0

    # ipa-{server,replica}-install --dirsrv-config-file=update.ldif
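An added example, not part of the ticket or of FreeIPA: a pre-install check that parses an LDIF like the update.ldif above and reports which of its four cn=config settings are left permissive. The `HARDENED` table and the function names are assumptions made for this sketch; adjust the table to your own baseline.

```python
# SAMPLE_LDIF reproduces the update.ldif shown in the comment above.
SAMPLE_LDIF = """\
dn: cn=config
changetype: modify
replace: nsslapd-allow-unauthenticated-binds
nsslapd-allow-unauthenticated-binds: off
-
replace: nsslapd-require-secure-binds
nsslapd-require-secure-binds: off
-
replace: nsslapd-allow-anonymous-access
nsslapd-allow-anonymous-access: off
-
replace: nsslapd-minssf
nsslapd-minssf: 0
"""

# Assumed baseline: attribute -> predicate that is True for the restrictive value.
HARDENED = {
    "nsslapd-allow-unauthenticated-binds": lambda v: v == "off",
    "nsslapd-allow-anonymous-access": lambda v: v == "off",
    "nsslapd-require-secure-binds": lambda v: v == "on",
    "nsslapd-minssf": lambda v: v.isdigit() and int(v) > 0,
}

def parse_modify(ldif):
    """Return {attribute: value} for each 'replace:' operation in a modify record."""
    mods, current = {}, None
    for raw in ldif.splitlines():
        line = raw.strip()
        if line == "-":          # separator between modify operations
            current = None
            continue
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip().lower()
        if key == "replace":
            current = value      # name of the attribute being replaced
        elif current is not None and key == current:
            mods[current] = value
    return mods

def audit(ldif):
    """Return sorted (attribute, value) pairs that do not meet the assumed baseline."""
    mods = parse_modify(ldif)
    return sorted((a, v) for a, v in mods.items()
                  if a in HARDENED and not HARDENED[a](v))

if __name__ == "__main__":
    for attr, value in audit(SAMPLE_LDIF):
        print(f"permissive: {attr}: {value}")
```

Run against the sample, it reports `nsslapd-minssf: 0` and `nsslapd-require-secure-binds: off`, while the anonymous-access and unauthenticated-bind settings pass.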
Metadata Update from @jraquino: - Issue assigned to mbasti - Issue set to the milestone: FreeIPA 4.3