IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-01-11 00:31:56 -06:00
Code Issues Packages Projects Releases Wiki Activity
21a9a7107a
freeipa/install
History
Fraser Tweedale 21a9a7107a install: fix --external-ca-profile option 
Commit dd47cfc75a removed the ability
to set pki_req_ext_oid and pki_req_ext_data in the pkispawn config.
This results in the --external-ca-profile option never setting the
requested values in the CSR (the default V1 template type specifying
"SubCA" is always used).

Remove relevant fields from both ipaca_default.ini and
ipaca_customize.ini.  This allows the IPA framework to set the
values (i.e. when --external-ca-type=ms-cs and
--external-ca-profile=... demand it).  It also allows users to
override the pki_req_ext_* settings.

Part of: https://pagure.io/freeipa/issue/7548
Related: https://pagure.io/freeipa/issue/5608
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
2019-07-17 17:58:58 +03:00
..
certmonger Replace PYTHONSHEBANG with valid shebang 2019-06-24 09:35:57 +02:00
custodia Replace PYTHONSHEBANG with valid shebang 2019-06-24 09:35:57 +02:00
html Fix javascript 'errors' found by jslint 2018-09-27 16:33:25 +02:00
migration Use new LDAPClient constructors 2019-02-05 08:39:13 -05:00
oddjob trust-fetch-domains: make sure we use right KDC when --server is specified 2019-06-28 13:30:59 +02:00
restart_scripts Replace PYTHONSHEBANG with valid shebang 2019-06-24 09:35:57 +02:00
share install: fix --external-ca-profile option 2019-07-17 17:58:58 +03:00
tools move MSCSTemplate classes to ipalib 2019-07-17 17:58:58 +03:00
ui Add SMB attributes for users 2019-07-01 13:21:21 +02:00
updates Create indexes for altSecurityIdentities and ipaCertmapData attributes 2019-07-17 17:50:07 +03:00
wsgi Add absolute_import future imports 2018-04-20 09:43:37 +02:00
Makefile.am Move Custodia secrets handler to scripts 2019-04-26 12:09:22 +02:00
README.schema Add some basic rules for adding new schema 2010-08-27 13:40:37 -04:00

README.schema 

Ground rules on adding new schema

Brand new schema, particularly when written specifically for IPA, should be
added in share/*.ldif. Any new files need to be explicitly loaded in
ipaserver/install/dsinstance.py. These simply get copied directly into
the new instance schema directory.

Existing schema (e.g. in an LDAP draft) may either be added as a separate
ldif in share or as an update in the updates directory. The advantage of
adding the schema as an update is if 389-ds ever adds the schema then the
installation won't fail due to existing schema failing to load during
bootstrap.

If the new schema requires a new container then this should be added
to install/bootstrap-template.ldif.