https://bugzilla.redhat.com/show_bug.cgi?id=803836 (Red Hat Enterprise Linux 6)
Description of problem: When SSSD is using enumeration mode, it needs to rely on values present in the RootDSE to operate properly. If users change the minssf option in the 389 DS server to 56 (as advised in the FreeIPA documentation), this can cause issues with SSSD. Version-Release number of selected component (if applicable): ipa-2.2.0-4.el6 How reproducible: Every time Steps to Reproduce: 1. Set nsslapd-minssf = 56 in dse.ldif 2. Perform an online request with SSSD 3. See in SSSD domain log the message "Server is unwilling to perform" Actual results: "Server is unwilling to perform" Expected results: The RootDSE should be available anonymously and unencrypted. Additional info: Related to BZ #803436
The commit with nice documentation for this option can be found at http://lists.fedoraproject.org/pipermail/389-commits/2012-January/004995.html
attachment freeipa-rcrit-994-minssf.patch
master: a735420[[BR]] ipa-2-2: 96311d0
Metadata Update from @dpal: - Issue assigned to rcritten - Issue set to the milestone: FreeIPA 2.2 Core Effort - 2012/03
Login to comment on this ticket.