On 07/31/2013 11:51 AM, Ana Krivokapic wrote:
On 07/30/2013 06:24 PM, Petr Viktorin wrote:
On 07/30/2013 10:27 AM, Ana Krivokapic wrote:
Hello,

This patch addresses ticket https://fedorahosted.org/freeipa/ticket/3783.


Thanks for the patch, I have a concern below:

freeipa-akrivoka-0051-Handle-subject-option-in-ipa-server-install.patch
diff --git a/install/tools/ipa-upgradeconfig b/install/tools/ipa-upgradeconfig
index
de17c5b23d79f31e8571a3400d44397630cadada..a2625e6198bcff0811c482e479c8af10716dcea1
100644
--- a/install/tools/ipa-upgradeconfig
+++ b/install/tools/ipa-upgradeconfig
@@ -894,6 +895,7 @@ def main():
       configured_constants = dogtag.configured_constants()
       sub_dict = dict(
           REALM=api.env.realm,
+        SUBJECT_BASE=str(DN(('O', api.env.realm))),
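Review bot: the SUBJECT_BASE entry added to sub_dict in main() is always computed as O=<realm> from api.env.realm, so any template rendered from this dict during an upgrade receives the default subject base even when a different one was chosen at install time. Suggest passing the configured subject base into sub_dict here and keeping `str(DN(('O', api.env.realm)))` only as the fallback when no configured value exists.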

When certmap.conf.template's version changes again, this will rewrite the
subject to the default. Don't we want to use the subject base also here?




You are right. The updated patch uses the current value of subject base from
LDAP to update certmap.conf during upgrades.

When ipa-upgradeconfig is run while the DS is down, this results in a small warning, and very bad configuration:
    certmap ipaca           CN=Certificate Authority,None


I'm not sure how this should be handled. I'm adding Rob to the loop.
Rob, can we start the DS in ipa-upgradeconfig? That sounds quite heavy-handed for an RPM upgrade script.

Maybe if the DS is unavailable, we should use the old value from the config file itself.

--
Petr³
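
The fallback discussed in the message above, sketched as an added example that is not part of the thread or of FreeIPA's code: take the subject base from LDAP when it is available, otherwise reuse the value already in certmap.conf, and never write a missing value into the file. The function names and sample file contents are hypothetical; the issuer line layout is the one quoted in the thread.

```python
import re

# Issuer line layout as quoted in the thread:
#   certmap ipaca           CN=Certificate Authority,<subject base>
CERTMAP_RE = re.compile(
    r"^certmap\s+ipaca\s+CN=Certificate Authority,(?P<base>.+?)\s*$",
    re.MULTILINE,
)


def subject_base_from_certmap(text):
    """Return the subject base recorded in certmap.conf text, or None."""
    match = CERTMAP_RE.search(text)
    if match is None:
        return None
    base = match.group("base")
    # An earlier upgrade with the DS down may have written the literal "None".
    if base == "None" or "=" not in base:
        return None
    return base


def resolve_subject_base(ldap_value, certmap_text, realm):
    """Pick the subject base: LDAP first, then the old file, then the default."""
    if ldap_value:                      # DS was reachable and returned a value
        return str(ldap_value), "ldap"
    old = subject_base_from_certmap(certmap_text)
    if old:                             # DS down: keep what is already deployed
        return old, "certmap.conf"
    return "O=%s" % realm, "default"    # nothing recorded: installer default


def render_issuer_line(subject_base):
    """Render the issuer line, refusing to write an unusable subject base."""
    if not subject_base or subject_base == "None":
        raise ValueError("refusing to write certmap.conf without a subject base")
    return "certmap ipaca           CN=Certificate Authority,%s" % subject_base


if __name__ == "__main__":
    # Constructed sample: existing file from an install with a custom subject.
    existing = ("# constructed sample\n"
                "certmap ipaca           CN=Certificate Authority,O=Custom Org\n")
    base, source = resolve_subject_base(None, existing, "EXAMPLE.COM")
    print(source, render_issuer_line(base))
```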
