URL: https://github.com/freeipa/freeipa/pull/355
Title: #355: Set up DS TLS on replica in CA-less topology

tomaskrizek commented:
89de60c was reveted because while it fixed this particular use case, it broke 
others. IIRC it broke regular replica promotion with CA.

The proper fix is not yet ready, nor on the IPA side (#41 is a step in the 
right direction, but it also requires some more code fixes, especially properly 
closing some ad hoc LDAP connections), nor on the NSS side (ETA unknown).

If this patch works and doesn't break other use cases, I would merge it and 
keep the ticket open. After the NSS bug is fixed, we can fix this properly.

See the full comment at 
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to