Title: #355: Set up DS TLS on replica in CA-less topology
89de60c was reveted because while it fixed this particular use case, it broke
others. IIRC it broke regular replica promotion with CA.
The proper fix is not yet ready, nor on the IPA side (#41 is a step in the
right direction, but it also requires some more code fixes, especially properly
closing some ad hoc LDAP connections), nor on the NSS side (ETA unknown).
If this patch works and doesn't break other use cases, I would merge it and
keep the ticket open. After the NSS bug is fixed, we can fix this properly.
See the full comment at
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code