044d887 Fix ipa-replica-install when upgrade from ca-less to ca-full

2 files. Authored by frenaud 7 years ago, committed by mbasti 7 years ago.
    Fix ipa-replica-install when upgrade from ca-less to ca-full
    
    When ipa-replica-prepare is run on a master upgraded from CA-less to
    CA-full, it creates the replica file with a copy of the local /etc/ipa/ca.crt.
    This causes issues if this file hasn't been updated with ipa-certupdate,
    as it contains the external CA that signed http/ldap certs, but not
    the newly installed IPA CA.
    As a consequence, ipa-replica-install fails with "Could not find a CA cert".
    
    The fix consists in retrieving the CA certificates from LDAP instead of
    the local /etc/ipa/ca.crt.
    
    https://fedorahosted.org/freeipa/ticket/6375
    
    Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
    Reviewed-By: Tomas Krizek <tkrizek@redhat.com>