On 11/23/2012 01:44 PM, Petr Viktorin wrote: > Since this branch became somewhat unwieldy, here's a quick summary. > > Patches are pushed to master (1d3ddef~..bef251a). > Martin's patch was also pushed to 3.0 (83d2822) and 2.2 (18b873c). > This fixes ipa-replica-manage to only manage the IPA agreements, not the PKI > ones. > > There is an outstanding issue: SELinux prevents connecting to the old PKI DS > port (7389), preventing CA replicas to old masters. > https://bugzilla.redhat.com/show_bug.cgi?id=879516 > Please test in permissive mode until it's fixed.
Small addendum: permissive mode is needed only for replicas with CA, where the remote master has separate LDAP instance for Dogtag. A network of IPA 3.1 replicas should work SELinux enforced. Martin _______________________________________________ Freeipa-devel mailing list Freeipafirstname.lastname@example.org https://www.redhat.com/mailman/listinfo/freeipa-devel