[Freeipa-devel] [PATCH] 161 Use configured dogtag LDAP port instead of default one when renewing certs
Jan Cholasta
jcholast at redhat.com
Thu Aug 29 14:32:47 UTC 2013
On 23.7.2013 18:26, Jan Cholasta wrote:
> On 22.7.2013 17:40, Simo Sorce wrote:
>> On Mon, 2013-07-22 at 17:36 +0200, Jan Cholasta wrote:
>>> if nickname == 'subsystemCert cert-pki-ca':
>>> - update_people_entry('pkidbuser', cert)
>>> + update_people_entry(dogtag_uri, 'pkidbuser', cert)
>>>
>>>
>> This is probably wrong, there is no pkidbuser in old instances.
>>
>> My subsystemCert has a subject of "CN=CA Subsystem,O=REALM" and this
>> cert is associated to an object named:
>> uid=CA-<sevrver-name>-9443,ou=people,o=ipaca
>>
>> I think you need to search the db to find the right object(s) to update.
>
> Right. Updated patch attached.
>
> Honza
>
Rebased on top of current master & ipa-3-1.
--
Jan Cholasta
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-161.2-Fix-certificate-renewal-scripts-to-work-with-separat.patch
Type: text/x-patch
Size: 5872 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20130829/1e758421/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-161.2-Fix-certificate-renewal-scripts-to-work-with-separat-ipa-3-1.patch
Type: text/x-patch
Size: 6017 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20130829/1e758421/attachment-0001.bin>
More information about the Freeipa-devel
mailing list