[Freeipa-devel] [PATCH] 161 Use configured dogtag LDAP port instead of default one when renewing certs
Simo Sorce
simo at redhat.com
Mon Jul 22 15:40:56 UTC 2013
On Mon, 2013-07-22 at 17:36 +0200, Jan Cholasta wrote:
> if nickname == 'subsystemCert cert-pki-ca':
> - update_people_entry('pkidbuser', cert)
> + update_people_entry(dogtag_uri, 'pkidbuser', cert)
>
>
This is probably wrong, there is no pkidbuser in old instances.
My subsystemCert has a subject of "CN=CA Subsystem,O=REALM" and this
cert is associated to an object named:
uid=CA-<sevrver-name>-9443,ou=people,o=ipaca
I think you need to search the db to find the right object(s) to update.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-devel
mailing list