On 11/23/2012 01:44 PM, Petr Viktorin wrote:
> Since this branch became somewhat unwieldy, here's a quick summary.
> 
> Patches are pushed to master (1d3ddef~..bef251a).
> Martin's patch was also pushed to 3.0 (83d2822) and 2.2 (18b873c).
> This fixes ipa-replica-manage to only manage the IPA agreements, not the PKI 
> ones.
> 
> There is an outstanding issue: SELinux prevents connecting to the old PKI DS
> port (7389), preventing CA replicas to old masters.
> https://bugzilla.redhat.com/show_bug.cgi?id=879516
> Please test in permissive mode until it's fixed.

Small addendum: permissive mode is needed only for replicas with CA, where the
remote master has separate LDAP instance for Dogtag. A network of IPA 3.1
replicas should work SELinux enforced.

Martin

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to