[Freeipa-devel] [PATCH] 161 Use configured dogtag LDAP port instead of default one when renewing certs

Jan Cholasta jcholast at redhat.com
Tue Jul 23 16:26:20 UTC 2013


On 22.7.2013 17:40, Simo Sorce wrote:
> On Mon, 2013-07-22 at 17:36 +0200, Jan Cholasta wrote:
>>   if nickname == 'subsystemCert cert-pki-ca':
>> -    update_people_entry('pkidbuser', cert)
>> +    update_people_entry(dogtag_uri, 'pkidbuser', cert)
>>
>>
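Review bot: The literal 'pkidbuser' uid passed in the added update_people_entry(dogtag_uri, 'pkidbuser', cert) call assumes that entry exists on every instance, and nothing in this hunk handles the case where it does not. Consider resolving the people entry associated with the subsystem certificate at run time and passing that instead of a fixed uid. Because the call now takes dogtag_uri as a new leading argument, confirm that every other caller of update_people_entry was updated in the same patch.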
> This is probably wrong, there is no pkidbuser in old instances.
>
> My subsystemCert has a subject of "CN=CA Subsystem,O=REALM" and this
> cert is associated to an object named:
> uid=CA-<server-name>-9443,ou=people,o=ipaca
>
> I think you need to search the db to find the right object(s) to update.

Right. Updated patch attached.

Honza

-- 
Jan Cholasta
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-161.1-Fix-certificate-renewal-scripts-to-work-with-separat.patch
Type: text/x-patch
Size: 5811 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20130723/eb30e079/attachment.bin>

