f78d25f ipa-crlgen-manage: manage the cert status task execution time

2 files Authored by rcritten 9 months ago, Committed by frenaud 9 months ago,
    ipa-crlgen-manage: manage the cert status task execution time
    
    ca.certStatusUpdateInterval manages how frequently to update
    the certificate status in LDAP (expired, etc).
    
    By default this is not set on the initial master and pkispawn sets
    it to 0 on replicas. This can lead to no server running this
    task and therefore the status attribute not reflecting the current
    state.
    
    On enabling CRL generation remove any value which will cause PKI
    to use its default. On disabling set it to 0.
    
    Only one server should run the update status task to prevent
    unnecessary replication.
    
    Fixes: https://pagure.io/freeipa/issue/9569
    
    Signed-off-by: Rob Crittenden <rcritten@redhat.com>
    Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>