[Freeipa-devel] [PATCH] 0043 Allow-PKI-CA-Replica-Installs-when-CRL-exceeds-default
JR Aquino
JR.Aquino at citrix.com
Wed Dec 19 20:52:46 UTC 2012
Due to a limitation with 389 DS, the nsslapd-maxbersize cannot be set dynamically.
This causes an issue during IPA PKI-CA Replica installs, when the master has a CRL that exceeds the default limit.
The cainstance.py code attempts to set this value prior to performing the initial PKI-CA replication, however, since the value cannot be set dynamically, the installation fails.
This patch works around the issue by adding the ldif to the original initialization values bootstrapped by the call to setup-ds.pl
FreeIPA Ticket:
https://fedorahosted.org/freeipa/ticket/3314
Upstream 389 Ticket:
https://fedorahosted.org/389/ticket/542
"Keeping your head in the cloud"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
JR Aquino
Senior Information Security Specialist, Technical Operations
T: +1 805 690 3478 | F: +1 805 879 3730 | M: +1 805 717 0365
GIAC Certified Exploit Researcher and Advanced Penetration Tester |
GIAC WebApplication Penetration Tester | GIAC Certified Incident Handler
JR.Aquino at citrix.com
[cid:ba63f4c4-1eef-428b-adb2-ab9598cbdf0e at citrixonline.com]
Powering mobile workstyles and cloud services
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.jpg
Type: image/jpeg
Size: 15835 bytes
Desc: image002.jpg
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20121219/80caa8e8/attachment.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jraquino-0043-Allow-PKI-CA-Replica-Installs-when-CRL-exceeds-default.patch
Type: application/octet-stream
Size: 839 bytes
Desc: freeipa-jraquino-0043-Allow-PKI-CA-Replica-Installs-when-CRL-exceeds-default.patch
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20121219/80caa8e8/attachment.obj>
More information about the Freeipa-devel
mailing list