In order for IPA to use some new functionality in Profile Management and
Sub CAs, we need to add some additional schema to the Dogtag LDAP
Fraser has written a Dogtag upgrade script to do this upgrade, but this
script expects the DM password to be in password.conf. Some discussion
on this script can be found here ..
In general, I think that while Dogtag will provide a database upgrade
framework and/or upgrade LDIF scripts, we will not - in general - know
how to connect to the DB with a user that has credentials to make schema
Fortunately, these types of changes are rare. Note that in all the
years Dogtag has been part of IPA, this is the first time this situation
The question now though is - how can we co-ordinate with IPA to make
this change? This question may have both a short term (for this
particular change) and long term answer.
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code