summaryrefslogtreecommitdiffstats
path: root/ipalib/text.py
diff options
context:
space:
mode:
authorFlorence Blanc-Renaud <flo@redhat.com>2016-11-09 15:14:27 +0100
committerMartin Basti <mbasti@redhat.com>2016-11-25 09:26:22 +0100
commit044d887e81d433b43c33b076a21fd1054796786e (patch)
treefd3ab4eb1e8003e006ed75eb0ef80e383cc3aa0f /ipalib/text.py
parente617f895e70e6812836870f504af6e22a5dc7def (diff)
downloadfreeipa-044d887e81d433b43c33b076a21fd1054796786e.tar.gz
freeipa-044d887e81d433b43c33b076a21fd1054796786e.tar.xz
freeipa-044d887e81d433b43c33b076a21fd1054796786e.zip
Fix ipa-replica-install when upgrade from ca-less to ca-full
When ipa-replica-prepare is run on a master upgraded from CA-less to CA-full, it creates the replica file with a copy of the local /etc/ipa/ca.crt. This causes issues if this file hasn't been updated with ipa-certupdate, as it contains the external CA that signed http/ldap certs, but not the newly installed IPA CA. As a consequence, ipa-replica-install fails with "Could not find a CA cert". The fix consists in retrieving the CA certificates from LDAP instead of the local /etc/ipa/ca.crt. https://fedorahosted.org/freeipa/ticket/6375 Reviewed-By: Stanislav Laznicka <slaznick@redhat.com> Reviewed-By: Tomas Krizek <tkrizek@redhat.com>
Diffstat (limited to 'ipalib/text.py')
0 files changed, 0 insertions, 0 deletions
generated by cgit (git 2.34.1) at 2024-06-09 14:21:27 +0000