pp via FreeIPA-users wrote: >> The strange thing is this upgrade code has been in IPA since 4.9.0 so >> its unclear why it decided to break now, and in the way it did. >> >> It should only change the attribute from requiredSecret to secret if >> "tomcat version" reports a version >= 9.0.31.0. > Yes, I noticed the python function returns the correct value (false) when > checking for my tomcat version and should use "requiredSecret" as a result.
The CA has its own upgrade code which runs unconditionally and I think that's how both secret and requiredSecret got added to server.xml. I wasn't able to duplicate the 403 though, it always just worked for me. Perhaps it has to go through more than one upgrade cycle. I did my testing on RHEL 8. I filed https://bugzilla.redhat.com/show_bug.cgi?id=2006070 against pki-core. rob _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure