#9635 Ignore time skew during CA replica installation
Closed: fixed 5 months ago by frenaud. Opened 6 months ago by frenaud.

Issue

During a replica CA installation, the initial replication step may fail if there is too much time skew because the server and replica.

The replica installer already takes care of this for the replication of the domain suffix but the replica CA installer does not set nssldapd-ignore-time-skew to on.

Cloned from https://issues.redhat.com/browse/RHEL-27856 'Unable to log in as uid=admin-replica.testrealm.test,ou=people,o=ipaca' during replica install


6 months ago

Metadata Update from @frenaud:
- Custom field on_review adjusted to https://github.com/freeipa/freeipa/pull/7450

6 months ago

master:

  • 3b21e19 Replica CA installation: ignore time skew during initial replication

ipa-4-12:

  • aadb805 Replica CA installation: ignore time skew during initial replication

Metadata Update from @frenaud:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

5 months ago

master:

  • b56d434 ipatests: Test to check that the configured value for "nsslapd-ignore-time-skew" remains on even after a "force-sync" is done

ipa-4-12:

  • f5c7237 ipatests: Test to check that the configured value for "nsslapd-ignore-time-skew" remains on even after a "force-sync" is done

Log in to comment on this ticket.

Metadata