mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-02-25 18:55:28 -06:00
1a35a2e213
The CommonNameToSANDefault component was added to Dogtag 10.4. When a profile is configured to use it, this profile copies the CN in the certificate to the Subject Alternative Name extension as a dNSName (if and only if it does look like a DNS name). It is desirable that the default service profile use this component. Add it to the default profile, for new installations only. For existing installations, until a proper profile update mechanism is implemented, administrators who wish to use it must configure it via the 'certprofile-mod' command. Fixes: https://pagure.io/freeipa/issue/7007 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Ground rules on adding new schema Brand new schema, particularly when written specifically for IPA, should be added in share/*.ldif. Any new files need to be explicitly loaded in ipaserver/install/dsinstance.py. These simply get copied directly into the new instance schema directory. Existing schema (e.g. in an LDAP draft) may either be added as a separate ldif in share or as an update in the updates directory. The advantage of adding the schema as an update is if 389-ds ever adds the schema then the installation won't fail due to existing schema failing to load during bootstrap. If the new schema requires a new container then this should be added to install/bootstrap-template.ldif.