pki.git - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Fraser Tweedale <ftweedal@redhat.com>	2016-06-22 13:34:01 +1000
committer	Fraser Tweedale <ftweedal@redhat.com>	2016-07-01 10:55:39 +1000
commit	2dea243d51765e3a8f01f7680592143c842921ce (patch)
tree	80524916d5a6f86f2d20e1e3a66932161ca17cd5 /base/server/python
parent	ca8edcd504ab81dbc30547c3c59a51fe98ff21cf (diff)
download	pki-2dea243d51765e3a8f01f7680592143c842921ce.tar.gz pki-2dea243d51765e3a8f01f7680592143c842921ce.tar.xz pki-2dea243d51765e3a8f01f7680592143c842921ce.zip

Add profiles container to LDAP if missing

CMS startup was changed a while back to wait for LDAPProfileSubsystem initialisation, while LDAPProfileSubsystem initialisation waits for all known profiles to be loaded by the LDAP persistent search thread. If the ou=certificateProfiles container object does not exist, startup hangs. This can cause a race condition in FreeIPA upgrade. FreeIPA switches the Dogtag instance to the LDAPProfileSubsystem and restarts it. The restart fails because the container object does not get added until after the restart. Update LDAPProfileSubsystem to add the container object itself, if it is missing, before commencing the persistent search. Fixes: https://fedorahosted.org/pki/ticket/2285

Diffstat (limited to 'base/server/python')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: