freeipa/install
Fraser Tweedale 7995518921 Restore old version of caIPAserviceCert for upgrade only
The latest version of caIPAserviceCert profile includes a feature
that is not available before Dogtag 10.4, and this version of the
profile is intended for new installs only (otherwise, problems will
arise in topologies containing CA replicas at an earlier version).
But IPA versions before v4.2 did not use LDAP-based profiles, so the
new version of the profile gets imported when upgrading from
pre-v4.2 to v4.5 or later.

We do not yet have a proper version- and topology-aware profile
update mechanism, so to resolve this issue, ship the older version
of the profile alongside the newer version, and make sure we use the
older version when importing the profile in an upgrade context.

https://pagure.io/freeipa/issue/7097

Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2017-08-14 19:25:59 +02:00
certmonger Fixup of not-so-good PEM certs 2017-07-27 10:28:58 +02:00
conf Changing cert-find to go through the proxy instead of using the port 8080 2017-06-16 08:56:53 +02:00
html fix spelling mistake; minor rewording 2017-05-19 09:52:46 +02:00
migration logging: do not log into the root logger 2017-07-14 15:55:59 +02:00
oddjob wsgi, oddjob: remove needless uses of Env 2017-07-14 15:55:59 +02:00
restart_scripts x509: Make certificates represented as objects 2017-07-27 10:28:58 +02:00
share Restore old version of caIPAserviceCert for upgrade only 2017-08-14 19:25:59 +02:00
tools control logging of host_port_open from caller 2017-08-11 13:40:38 +02:00
ui WebUI: fix jslint error 2017-07-24 14:20:36 +02:00
updates Create indexes for 'serverhostname' attribute 2017-07-04 14:40:52 +02:00
wsgi logging: do not log into the root logger 2017-07-14 15:55:59 +02:00
Makefile.am Configure HTTPD to work via Gss-Proxy 2017-02-15 07:13:37 +01:00
README.schema Add some basic rules for adding new schema 2010-08-27 13:40:37 -04:00

Ground rules on adding new schema

Brand new schema, particularly when written specifically for IPA, should be
added in share/*.ldif. Any new files need to be explicitly loaded in
ipaserver/install/dsinstance.py. These files are simply copied directly into
the new instance's schema directory.

Existing schema (e.g. in an LDAP draft) may either be added as a separate
ldif in share or as an update in the updates directory. The advantage of
adding the schema as an update is that if 389-ds ever adds the schema itself,
the installation won't fail because the already-existing schema fails to
load during bootstrap.

If the new schema requires a new container, then that container should be
added to install/bootstrap-template.ldif.