[Freeipa-devel] [PATCH] Changes to use a single database for dogtag and IPA

Martin Kosek mkosek at redhat.com
Fri Nov 23 12:49:08 UTC 2012


On 11/23/2012 01:44 PM, Petr Viktorin wrote:
> Since this branch became somewhat unwieldy, here's a quick summary.
> 
> Patches are pushed to master (1d3ddef~..bef251a).
> Martin's patch was also pushed to 3.0 (83d2822) and 2.2 (18b873c).
> This fixes ipa-replica-manage to only manage the IPA agreements, not the PKI ones.
> 
> There is an outstanding issue: SELinux prevents connecting to the old PKI DS
> port (7389), preventing CA replicas to old masters.
> https://bugzilla.redhat.com/show_bug.cgi?id=879516
> Please test in permissive mode until it's fixed.

Small addendum: permissive mode is needed only for replicas with a CA, where the
remote master has a separate LDAP instance for Dogtag. A network of IPA 3.1
replicas should work with SELinux enforcing.

Martin



