Hi all,
We have a number of CentOS 7 hosts enrolled with FreeIPA, and I have noticed the ldap.conf on some hosts has two separate URI lines, similar to this:
URI ldaps://ipa.example.com
BASE dc=example,dc=com
TLS_CACERT /etc/ipa/ca.crt
URI https://ipa.example.com
This caused our configuration management to complain about the URI value, because it is listed twice.
Looking at the man page for ldap.conf, it indicates the URI should be LDAP(S), but for some reason our older hosts have it set to HTTPS.
Should all FreeIPA hosts be using the same LDAPS URI value provided?
I can only assume the HTTPS URI is a legacy from the old version 3 FreeIPA install, as it pre-dates me supporting it.
Cheers,
Dagan McGregor
Dagan McGregor via FreeIPA-users wrote:
> Hi all,
> We have a number of CentOS 7 hosts enrolled with FreeIPA, and I have noticed the ldap.conf on some hosts has two separate URI lines, similar to this:
> URI ldaps://ipa.example.com
> BASE dc=example,dc=com
> TLS_CACERT /etc/ipa/ca.crt
> URI https://ipa.example.com
> This caused our configuration management to complain about the URI value, because it is listed twice.
> Looking at the man page for ldap.conf, it indicates the URI should be LDAP(S), but for some reason our older hosts have it set to HTTPS.
> Should all FreeIPA hosts be using the same LDAPS URI value provided?
> I can only assume the HTTPS URI is a legacy from the old version 3 FreeIPA install, as it pre-dates me supporting it.
It wasn't IPA that added that line. Something, or someone, added it post-install.
rob
freeipa-users@lists.fedorahosted.org
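
To find which enrolled hosts carry the stray line described in this thread, a check along these lines can be run over each host's ldap.conf. It is an added example, not code from the thread's participants or from FreeIPA; the function name, the sample file contents and the default path /etc/openldap/ldap.conf (the usual location on CentOS 7) are assumptions.

```python
import sys
from urllib.parse import urlsplit

# URI schemes that ldap.conf(5) documents for the URI option.
ALLOWED_SCHEMES = {"ldap", "ldaps", "ldapi"}

# Constructed sample that mirrors the file quoted in the thread.
SAMPLE = """\
# constructed sample, not taken from a real host
URI ldaps://ipa.example.com
BASE dc=example,dc=com
TLS_CACERT /etc/ipa/ca.crt
URI https://ipa.example.com
"""


def audit_ldap_conf(text):
    """Return (line_number, message) findings about URI directives."""
    findings = []
    first_uri_line = None
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no options
        parts = line.split(None, 1)
        # Option names are case-insensitive; only URI is audited here.
        if parts[0].upper() != "URI":
            continue
        if first_uri_line is None:
            first_uri_line = lineno
        else:
            findings.append(
                (lineno, "URI repeated (first set on line %d)" % first_uri_line))
        # A single URI option may hold several space-separated URIs.
        for uri in (parts[1].split() if len(parts) > 1 else []):
            scheme = urlsplit(uri).scheme.lower()
            if scheme not in ALLOWED_SCHEMES:
                findings.append(
                    (lineno, "scheme %r is not ldap/ldaps/ldapi: %s" % (scheme, uri)))
    return findings


if __name__ == "__main__":
    # Assumed default path; pass another file as the first argument.
    path = sys.argv[1] if len(sys.argv) > 1 else "/etc/openldap/ldap.conf"
    with open(path, encoding="utf-8") as handle:
        for lineno, message in audit_ldap_conf(handle.read()):
            print("%s:%d: %s" % (path, lineno, message))
```

On the sample above it reports line 5 twice: once as a repeated URI option and once for the https scheme.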