Hello all,

we are currently facing issue with huge number of outdated certificate entries
in o=ipaca LDAP subtree (many servers no longer exists, certificates already 
expired etc)
and we would like to remove them to decrease number of entries in LDAP and also
to speed-up initial replication of o=ipaca subtree (we have more than 700 000
DNs in o=ipaca and deploy of new replica takes quite long).

Does anyone tried to do something like this? I'm quite affraid if simple
ldapdelete of many DNs in o=ipaca subtree wouldn't break DogTag somehow.

Do you have any ideas if something can break by removal of old (expired and also
non-expired) certificates from o=ipaca ? Thanks in advance for any advice.

Regards, Adam

Adam Tkac
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to