In order for IPA to use some new functionality in Profile Management and
Sub CAs, we need to add some additional schema to the Dogtag LDAP
instance.

Fraser has written a Dogtag upgrade script to do this upgrade, but this
script expects the DM password to be in password.conf.  Some discussion
on this script can be found here:
https://www.redhat.com/archives/pki-devel/2015-June/msg00054.html

In general, I think that while Dogtag will provide a database upgrade
framework and/or upgrade LDIF scripts, we will not - in general - know
how to connect to the DB with a user that has credentials to make schema
changes.

Fortunately, these types of changes are rare.  Note that in all the
years Dogtag has been part of IPA, this is the first time this situation
has arisen.

The question now though is - how can we co-ordinate with IPA to make
this change?  This question may have both a short term (for this
particular change) and long term answer.

Thanks,
Ade 
