we are currently facing issue with huge number of outdated certificate entries
in o=ipaca LDAP subtree (many servers no longer exists, certificates already
and we would like to remove them to decrease number of entries in LDAP and also
to speed-up initial replication of o=ipaca subtree (we have more than 700 000
DNs in o=ipaca and deploy of new replica takes quite long).
Does anyone tried to do something like this? I'm quite affraid if simple
ldapdelete of many DNs in o=ipaca subtree wouldn't break DogTag somehow.
Do you have any ideas if something can break by removal of old (expired and also
non-expired) certificates from o=ipaca ? Thanks in advance for any advice.
FreeIPA-users mailing list -- firstname.lastname@example.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org