Yes that looks exactly like it, thank you.
Are you aware of a workaround available? Like changing manually the CS.cfg?


On 27 February 2016 at 21:40, Alexander Bokovoy <aboko...@redhat.com> wrote:

> On Sat, 27 Feb 2016, Alessandro De Maria wrote:
>
>> great that explains a lot! Thank you.
>>
>> My hunt for > 4.2.0 was just because in the release note for 4.2.1 it had:
>>
>>   - Various fixes for new Certificates Profiles feature
>>
>>
>> So I immediately assumed the problem I might be experiencing could be
>> fixed
>> by an upgrade (I have tried everything else I know)
>>
>> But thank you this is already very helpful.
>>
>> I hope I can find some other pointed to understand my issue then.
>>
> I think you are hitting https://fedorahosted.org/freeipa/ticket/5682
>
> commit 704319c3eaf74e0531dd2aa1e5880db7b6ab830c
> Author: Martin Babinsky <mbabi...@redhat.com>
> Date:   Mon Feb 22 13:35:41 2016 +0100
>
>    upgrade: unconditional import of certificate profiles into LDAP
>       During IPA server upgrade, the migration of Dogtag profiles into LDAP
>    backend was bound to the update of CS.cfg which enabled the LDAP profile
>    subsystem. If the subsequent profile migration failed, the subsequent
>    upgrades were not executing the migration code leaving CA subsystem in
>    broken state. Therefore the migration code path should be executed
>    regardless of the status of the main Dogtag config file.
>       https://fedorahosted.org/freeipa/ticket/5682
>       Reviewed-By: Fraser Tweedale <ftwee...@redhat.com>
>    Reviewed-By: Jan Cholasta <jchol...@redhat.com>
>
> This should be part of 4.2.4 release and will eventually make into
> RHEL/CentOS updates.
>
> --
> / Alexander Bokovoy
>



-- 
Alessandro De Maria
alessandro.dema...@gmail.com
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to