mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-02-25 18:55:28 -06:00
The subject base is used as a fallback to find the available CA certificates during client enrollment if the LDAP connection fails (e.g. due to new client connecting to very old server) and for constructing the subject if a certificate is requested. raw=True is passed to config-show in order to avoid parsing the server roles which will fail because the services aren't marked as enabled until after the client installation is successful on a master. ipa-join providing the subject base via stderr was fragile and would cause client enrollment to fail if any other output was included in stderr. https://pagure.io/freeipa/issue/7674 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-By: Christian Heimes <cheimes@redhat.com>