aadb805 Replica CA installation: ignore time skew during initial replication

Authored and Committed by frenaud 5 months ago
    Replica CA installation: ignore time skew during initial replication
    
    During a replica CA installation, the initial replication step may fail
    if there is too much time skew between the server and replica.
    
    The replica installer already takes care of this for the replication of
    the domain suffix but the replica CA installer does not set
    nssldapd-ignore-time-skew to on for o=ipaca suffix.
    
    During a replica CA installation, read the initial value of
    nssldapd-ignore-time-skew, force it to on, start replication and
    revert to the initial value.
    
    Apply the same logic to dsinstance and ipa-replica-manage force-sync.
    
    Fixes: https://pagure.io/freeipa/issue/9635
    Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
    Reviewed-By: Rob Crittenden <rcritten@redhat.com>
    
        
file modified
+0 -1
file modified
+25 -0