The pkidbuser is used by Dogtag (and probably IPA too) to communicate to the LDAP database. Currently the user is created under ou=People under the Dogtag subtree, so it will appear as a Dogtag user in the CLI. However, it's actually not a valid Dogtag user and cannot be used for Dogtag authentication. It would be better to create the user outside ou=People, but still under the subsystem's subtree (e.g. uid=pkidbuser,o=pki-ca). This way the user will not appear as Dogtag user, but will still be replicated.
This is important to fix due to conflicting certificate mapping (ticket #1595).
See also: http://pki.fedoraproject.org/wiki/PKI_Ticket_1009
Metadata Update from @edewata: - Issue set to the milestone: 10.4
Metadata Update from @edewata: - Custom field reviewer adjusted to '' - Custom field version adjusted to '' - Issue close_status updated to: None - Issue set to the milestone: FUTURE (was: 10.4)
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/1574
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Subscribe
Thank you for understanding, and we apologize for any inconvenience.
Metadata Update from @dmoluguw: - Issue close_status updated to: migrated - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.