FreeIPA should enable ephemeral KRA requests to reduce the amount of LDAP write operations. To enable ephemeral requests, add {{{kra.ephemeralRequests=true}}} to CS.cfg and restart KRA. See https://fedorahosted.org/pki/ticket/2532 for details.
The feature will be available in Dogtag 10.4.
Metadata Update from @cheimes: - Issue assigned to someone - Issue set to the milestone: FreeIPA 4.6
Metadata Update from @cheimes: - Custom field affects_doc reset - Custom field component reset - Custom field type reset - Issue close_status updated to: None - Issue set to the milestone: None (was: FreeIPA 4.6) - Issue tagged with: integration
Metadata Update from @pvoborni: - Custom field affects_doc reset - Custom field tester adjusted to wanted - Issue set to the milestone: FreeIPA 4.6
Metadata Update from @tkrizek: - Issue set to the milestone: FreeIPA 4.6.1 (was: FreeIPA 4.6)
Metadata Update from @tkrizek: - Issue set to the milestone: FreeIPA 4.6.2 (was: FreeIPA 4.6.1)
Metadata Update from @rcritten: - Issue assigned to rcritten (was: someone)
It is currently not possible to enable this setting during installation because there is no pkispawn option for it. I opened RFE https://pagure.io/dogtagpki/issue/2820 to add this.
I think we can live with a restart. Using the pkispawn option can be a future enhancement.
https://github.com/freeipa/freeipa/pull/1116
Metadata Update from @tdudlak: - Issue set to the milestone: FreeIPA 4.6.3 (was: FreeIPA 4.6.2)
master:
ipa-4-6:
Metadata Update from @cheimes: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.