mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-01-13 01:31:56 -06:00
044d887e81
When ipa-replica-prepare is run on a master upgraded from CA-less to CA-full, it creates the replica file with a copy of the local /etc/ipa/ca.crt. This causes issues if this file hasn't been updated with ipa-certupdate, as it contains the external CA that signed http/ldap certs, but not the newly installed IPA CA. As a consequence, ipa-replica-install fails with "Could not find a CA cert". The fix consists in retrieving the CA certificates from LDAP instead of the local /etc/ipa/ca.crt. https://fedorahosted.org/freeipa/ticket/6375 Reviewed-By: Stanislav Laznicka <slaznick@redhat.com> Reviewed-By: Tomas Krizek <tkrizek@redhat.com> |
||
|---|---|---|
| .. | ||
| advise | ||
| install | ||
| plugins | ||
| __init__.py | ||
| dcerpc.py | ||
| dns_data_management.py | ||
| Makefile.am | ||
| rpcserver.py | ||
| servroles.py | ||
| session.py | ||
| setup.cfg | ||
| setup.py | ||
| topology.py | ||