Hello all, we are currently facing issue with huge number of outdated certificate entries in o=ipaca LDAP subtree (many servers no longer exists, certificates already expired etc) and we would like to remove them to decrease number of entries in LDAP and also to speed-up initial replication of o=ipaca subtree (we have more than 700 000 DNs in o=ipaca and deploy of new replica takes quite long).
Does anyone tried to do something like this? I'm quite affraid if simple ldapdelete of many DNs in o=ipaca subtree wouldn't break DogTag somehow. Do you have any ideas if something can break by removal of old (expired and also non-expired) certificates from o=ipaca ? Thanks in advance for any advice. Regards, Adam -- Adam Tkac _______________________________________________ FreeIPA-users mailing list -- firstname.lastname@example.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org