freeipa/ipalib
Florence Blanc-Renaud 69bda6b440 Fix ipa-server-upgrade: This entry already exists
ipa-server-upgrade fails when running the ipaload_cacrt plugin. The plugin
finds all CA certificates in /etc/httpd/alias and uploads them in LDAP
below cn=certificates,cn=ipa,cn=etc,$BASEDN.
The issue happens because there is already an entry in LDAP for IPA CA, but
with a different DN. The nickname in /etc/httpd/alias can differ from
$DOMAIN IPA CA.

To avoid the issue:
1/ during upgrade, run a new plugin that removes duplicates and restarts ldap
(to make sure that uniqueness attr plugin is working after the new plugin)
2/ modify upload_cacert plugin so that it is using $DOMAIN IPA CA instead of
cn=$nickname,cn=ipa,cn=etc,$BASEDN when uploading IPA CA.

https://pagure.io/freeipa/issue/7125

Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
2017-08-30 12:47:53 +02:00
..
install Fix ipa-server-upgrade: This entry already exists 2017-08-30 12:47:53 +02:00
__init__.py logging: remove object-specific loggers 2017-07-14 15:55:59 +02:00
aci.py Remove unused variables in the code 2016-09-27 13:35:58 +02:00
backend.py logging: remove object-specific loggers 2017-07-14 15:55:59 +02:00
base.py Modernize use of range() 2015-09-01 11:42:01 +02:00
capabilities.py Replace LooseVersion 2016-11-24 15:46:40 +01:00
cli.py Changing how commands handles error when it can't connect to IPA server 2017-08-11 13:55:39 +02:00
config.py config: provide defaults for xmlrpc_uri, ldap_uri and basedn 2017-07-04 12:06:33 +02:00
constants.py config: provide defaults for xmlrpc_uri, ldap_uri and basedn 2017-07-04 12:06:33 +02:00
crud.py ipalib, ipaserver: fix incorrect API.register calls in docstrings 2016-05-25 16:06:26 +02:00
dns.py dns: do not rely on custom param fields in record attributes 2016-06-20 16:39:12 +02:00
errors.py csrgen: Add code to generate scripts that generate CSRs 2017-01-31 10:20:28 +01:00
frontend.py logging: do not log into the root logger 2017-07-14 15:55:59 +02:00
krb_utils.py Allow login to WebUI using Kerberos aliases/enterprise principals 2017-03-08 15:56:11 +01:00
Makefile.am Build: Makefiles for Python packages 2016-11-09 13:08:32 +01:00
messages.py Fix malformed or missing docstrings in ipalib/messages 2016-08-16 11:59:35 +02:00
misc.py Add fix for ipa plugins command 2017-02-17 10:22:07 +01:00
output.py allow 'value' output param in commands without primary key 2016-07-20 13:57:01 +02:00
parameters.py Create a Certificate parameter 2017-07-27 10:28:58 +02:00
pkcs10.py cert-request: accept CSRs with extraneous data 2016-11-11 15:42:26 +01:00
plugable.py logging: make sure logging level is set to proper value 2017-07-26 15:57:56 +02:00
request.py remove trailing newlines form python modules 2016-10-12 10:38:52 +02:00
rpc.py rpc: don't encode bytes 2017-08-30 12:44:46 +02:00
setup.cfg Port all setup.py to setuptools 2016-10-20 18:43:37 +02:00
setup.py setup, pylint, spec file: drop python-nss dependency 2017-03-31 12:20:35 +02:00
text.py Python3 pylint fixes 2016-11-25 16:18:22 +01:00
util.py Changing how commands handles error when it can't connect to IPA server 2017-08-11 13:55:39 +02:00
x509.py client: make ipa-client-install py3 compatible 2017-08-02 16:13:18 +02:00