freeipa/install
Jan Cholasta 09a49ad458 cainstance: use correct profile for lightweight CA certificates
Use Dogtag's `caCACert` CA certificate profile rather than the
`ipaCACertRenewal` virtual profile for lightweight CA certificates.

The `ipaCACertRenewal` virtual profile adds special handling of externally
signed CA certificates and LDAP replication of issued certificates on top
of `caCACert`, neither of which is relevant for lightweight CA
certificates.

Remove all of the special casing of lightweight CA certificates from
dogtag-ipa-ca-renew-agent-submit.

Make sure existing lightweight CA certmonger tracking requests are updated
on server upgrade.

https://pagure.io/freeipa/issue/5799

Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2017-05-15 12:14:28 +02:00
certmonger cainstance: use correct profile for lightweight CA certificates 2017-05-15 12:14:28 +02:00
conf Bump version of ipa.conf file 2017-05-11 17:00:27 +02:00
html Build: remove incorrect use of MAINTAINERCLEANFILES 2016-11-16 09:12:07 +01:00
migration Set explicit confdir option for global contexts 2016-12-02 09:14:35 +01:00
oddjob Add a new user to run the framework code 2017-02-15 07:13:37 +01:00
restart_scripts Turn on NSSOCSP check in mod_nss conf 2017-05-10 09:08:34 +02:00
share Move the compat plugin setup at the end of install 2017-04-24 17:11:51 +02:00
tools ipa-kra-install manpage: document domain-level 1 2017-05-11 17:03:00 +02:00
ui WebUI - Coverity: fix identical branches of if statement 2017-04-25 12:23:12 +02:00
updates compat plugin: Update link to slapi-nis project 2017-04-24 17:11:51 +02:00
wsgi Build: remove incorrect use of MAINTAINERCLEANFILES 2016-11-16 09:12:07 +01:00
Makefile.am Configure HTTPD to work via Gss-Proxy 2017-02-15 07:13:37 +01:00
README.schema Add some basic rules for adding new schema 2010-08-27 13:40:37 -04:00

Ground rules on adding new schema

Brand new schema, particularly when written specifically for IPA, should be
added in share/*.ldif. Any new files need to be explicitly loaded in
ipaserver/install/dsinstance.py. These simply get copied directly into
the new instance schema directory.

Existing schema (e.g. in an LDAP draft) may either be added as a separate
ldif in share or as an update in the updates directory. The advantage of
adding the schema as an update is that if 389-ds ever adds the schema, the
installation won't fail due to existing schema failing to load during
bootstrap.

If the new schema requires a new container then this should be added
to install/bootstrap-template.ldif.