freeipa

IntenseWebs/freeipa

Fork 0

mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00

Commit Graph

Author	SHA1	Message	Date
Christian Heimes	b606fa6cca	Duplicate CA CRT: ignore expected cert When search for duplicate CA certs ignore the one expected entry. Related: https://pagure.io/freeipa/issue/7125 Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>	2020-09-18 14:20:08 -04:00
Christian Heimes	0a2b6ca6ee	Only restart DS when duplicate cacrt was found The update_fix_duplicate_cacrt_in_ldap plugin no longer restarts DS when CA is disabled or no duplicate cacrt entry was dedected. Related: https://pagure.io/freeipa/issue/7125 Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>	2020-09-11 13:22:42 -04:00
Florence Blanc-Renaud	69bda6b440	Fix ipa-server-upgrade: This entry already exists ipa-server-upgrade fails when running the ipaload_cacrt plugin. The plugin finds all CA certificates in /etc/httpd/alias and uploads them in LDAP below cn=certificates,cn=ipa,cn=etc,$BASEDN. The issue happens because there is already an entry in LDAP for IPA CA, but with a different DN. The nickname in /etc/httpd/alias can differ from $DOMAIN IPA CA. To avoid the issue: 1/ during upgrade, run a new plugin that removes duplicates and restarts ldap (to make sure that uniqueness attr plugin is working after the new plugin) 2/ modify upload_cacert plugin so that it is using $DOMAIN IPA CA instead of cn=$nickname,cn=ipa,cn=etc,$BASEDN when uploading IPA CA. https://pagure.io/freeipa/issue/7125 Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>	2017-08-30 12:47:53 +02:00

Author

SHA1

Message

Date

Christian Heimes

b606fa6cca

Duplicate CA CRT: ignore expected cert

When search for duplicate CA certs ignore the one expected entry.

Related: https://pagure.io/freeipa/issue/7125
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>

2020-09-18 14:20:08 -04:00

Christian Heimes

0a2b6ca6ee

Only restart DS when duplicate cacrt was found

The update_fix_duplicate_cacrt_in_ldap plugin no longer restarts DS when
CA is disabled or no duplicate cacrt entry was dedected.

Related: https://pagure.io/freeipa/issue/7125
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>

2020-09-11 13:22:42 -04:00

Florence Blanc-Renaud

69bda6b440

Fix ipa-server-upgrade: This entry already exists

ipa-server-upgrade fails when running the ipaload_cacrt plugin. The plugin
finds all CA certificates in /etc/httpd/alias and uploads them in LDAP
below cn=certificates,cn=ipa,cn=etc,$BASEDN.
The issue happens because there is already an entry in LDAP for IPA CA, but
with a different DN. The nickname in /etc/httpd/alias can differ from
$DOMAIN IPA CA.

To avoid the issue:
1/ during upgrade, run a new plugin that removes duplicates and restarts ldap
(to make sure that uniqueness attr plugin is working after the new plugin)
2/ modify upload_cacert plugin so that it is using $DOMAIN IPA CA instead of
cn=$nickname,cn=ipa,cn=etc,$BASEDN when uploading IPA CA.

https://pagure.io/freeipa/issue/7125

Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>

2017-08-30 12:47:53 +02:00

3 Commits