On 11/23/2012 01:44 PM, Petr Viktorin wrote:
> Since this branch became somewhat unwieldy, here's a quick summary.
> Patches are pushed to master (1d3ddef~..bef251a).
> Martin's patch was also pushed to 3.0 (83d2822) and 2.2 (18b873c).
> This fixes ipa-replica-manage to only manage the IPA agreements, not the PKI
> There is an outstanding issue: SELinux prevents connecting to the old PKI DS
> port (7389), preventing CA replicas to old masters.
> Please test in permissive mode until it's fixed.
Small addendum: permissive mode is needed only for replicas with a CA, where the
remote master has a separate LDAP instance for Dogtag. A network of IPA 3.1
replicas should work with SELinux enforced.
Freeipa-devel mailing list