#7527 uninstall: server is not removed from lightweight CA key list
Opened 5 years ago by ftweedal. Modified 5 years ago

During lightweight CA key replication, servers that possess a LWCA's signing key are added
to a list in the Dogtag authority entry.

When uninstalling a replica, these attribute values are not cleaned up.

This should not result in operational problems - when attempting LWCA key replication,
each listed server is tried in turn until the key is successfully retrieved. But it would
still be a good idea to perform the clean-up step. It will make logs less noisy and key
replication more prompt in the case where CA replicas have been removed.


Can you provide more details on what attributes need to be cleaned up?

@rcritten specifically, the server that is being deleted should be removed from the
authorityKeyHost attribute of lightweight CA entries under ou=authorities,ou=ca,o=ipaca.
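
The clean-up described in the comment above, sketched as an added example (not part of the ticket and not FreeIPA or Dogtag code): it reads search output for the authority entries and emits LDIF modify records that delete only the removed server's `authorityKeyHost` values. The `host:port` value form, the sample hostnames and entry names, and all function names are assumptions made for illustration.

```python
AUTHORITIES_BASE = "ou=authorities,ou=ca,o=ipaca"  # subtree named in the ticket

# Constructed sample search output (hostnames and cn values are made up).
SAMPLE_LDIF = """\
dn: cn=1111,ou=authorities,ou=ca,o=ipaca
authorityKeyHost: ipa1.example.test:443
authorityKeyHost: ipa2.example.test:443

dn: cn=2222,ou=authorities,ou=ca,o=ipaca
authorityKeyHost: ipa1.example.test:443

dn: cn=3333,ou=authorities,ou=ca,o=ipaca
authorityKeyHost: IPA2.example.test:443
"""

def parse_entries(ldif):
    """Return [(dn, [authorityKeyHost values])] from simple, unwrapped LDIF."""
    entries = []
    for block in ldif.strip().split("\n\n"):
        dn, hosts = None, []
        for line in block.splitlines():
            attr, _, value = line.partition(": ")
            if attr.lower() == "dn":
                dn = value
            elif attr.lower() == "authoritykeyhost":
                hosts.append(value)
        if dn and dn.lower().endswith(AUTHORITIES_BASE):
            entries.append((dn, hosts))
    return entries

def is_removed(value, removed_fqdn):
    """Match a bare hostname or host:port (assumed format), case-insensitively."""
    return value.rsplit(":", 1)[0].lower() == removed_fqdn.lower()

def cleanup_ldif(ldif, removed_fqdn):
    """Build modify records deleting only the stale values; '' if none exist."""
    records = []
    for dn, hosts in parse_entries(ldif):
        stale = [h for h in hosts if is_removed(h, removed_fqdn)]
        if stale:
            lines = [f"dn: {dn}", "changetype: modify", "delete: authorityKeyHost"]
            lines += [f"authorityKeyHost: {v}" for v in stale]
            records.append("\n".join(lines + ["-"]))
    return "\n\n".join(records) + ("\n" if records else "")

def sole_holders(ldif, removed_fqdn):
    """DNs where the removed server is the only listed key holder."""
    return [dn for dn, hosts in parse_entries(ldif)
            if hosts and all(is_removed(h, removed_fqdn) for h in hosts)]
```

Entries returned by `sole_holders` deserve a look before the change is applied, since no other listed server remains to supply that key.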

Metadata Update from @slaykovsky:
- Issue priority set to: normal
- Issue set to the milestone: FreeIPA 4.7

5 years ago

Metadata Update from @rcritten:
- Issue set to the milestone: FreeIPA 4.7.1 (was: FreeIPA 4.7)

5 years ago

FreeIPA 4.7 has been released, moving to FreeIPA 4.7.1 milestone

Metadata Update from @rcritten:
- Issue set to the milestone: FreeIPA 4.7.2 (was: FreeIPA 4.7.1)

5 years ago

FreeIPA 4.7.1 has been released, moving to FreeIPA 4.7.2 milestone
