On ma, 01 helmi 2021, lejeczek via FreeIPA-users wrote:
>>Before I begin fiddling - both ends/nodes show
"DEFAULT" and both ends
>>had this policy at the time new ds instance were created, this way:
>>-> $ dscreate interactive
>>so, it then may make you wonder how come 'dscreate' process (and 389ds
>>in entirety) "allowed" such a ds instance which did not stick to policy
>>to come into existence.
>>Could it be that something which should "just" work, did not and
it's
>>possibly buggy?
>>many! thanks, L.
>Crypto policies are enforced regardless of what the user requests.
>
>This may also point that one side is using TLS and the other side is not.
>
>rob
>
I also wonder if there something up with
389-ds-base-1.4.3.8-6.module_el8.3.0+604+ab7bf9cc.x86_64(which I've
not tried) VS
389-ds-base-1.4.3.16-8.module_el8.4.0+644+ed25d39e.x86_64 (ps. also
IPA 4.9.0 has just vanished from Centos' repos, so it seems)
This might be your local mirror's issue. The packages are available in
http://mirror.centos.org/centos/8-stream/AppStream/x86_64/os/Packages/
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland