[Freeipa-devel] [freeipa PR#355][comment] Set up DS TLS on replica in CA-less topology
tomaskrizek
freeipa-github-notification at redhat.com
Tue Dec 20 15:53:22 UTC 2016
URL: https://github.com/freeipa/freeipa/pull/355
Title: #355: Set up DS TLS on replica in CA-less topology
tomaskrizek commented:
"""
89de60c was reveted because while it fixed this particular use case, it broke others. IIRC it broke regular replica promotion with CA.
The proper fix is not yet ready, nor on the IPA side (#41 is a step in the right direction, but it also requires some more code fixes, especially properly closing some ad hoc LDAP connections), nor on the NSS side (ETA unknown).
If this patch works and doesn't break other use cases, I would merge it and keep the ticket open. After the NSS bug is fixed, we can fix this properly.
"""
See the full comment at https://github.com/freeipa/freeipa/pull/355#issuecomment-268278842
More information about the Freeipa-devel
mailing list