Lets try now. Attached is the corrected patch. There were several spots in ipa-client-install where the server could be defined and it was getting missed. I have omitted any change to ipa-client-install and instead just focused on ipadiscovery.py
ipadiscovery.py now performs its own fetch of the CACert just to be sure. Regarding TLS vs LDAPS. LDAP over SSL was common in LDAP Version 2 (LDAPv2) but it was never standardized in any formal specification. This usage has been deprecated along with LDAPv2, which was officially retired in 2003. LDAPS is still supported, but considered deprecated in favor of TLS as defined in RFC2830. On 2/17/11 2:01 AM, "Jan Zelený" <jzel...@redhat.com> wrote: >JR Aquino <jr.aqu...@citrix.com> wrote: >> This patch addresses the need to utilize TLS when using the >> ipa-client-install tool. It addresses ticket: >> https://fedorahosted.org/freeipa/ticket/974 > >Nack, running ipa-client-install returned this error: > ># ipa-client-install >Retrieving CA from None failed. >Command '/usr/bin/wget -O /etc/ipa/ca.crt http://None/ipa/config/ca.crt' >returned non-zero exit status 4 > > >One more question - shouldn't you use ldaps directly to connect to the >server? >Jan
binRzo02LE4jS.bin
Description: freeipa-jraquino-0018-2-Use-TLS-for-ipadiscovery-during-ipa-client-inst.patch
_______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel