Create a tool to manage the CS replications agreements outside of the ipa-replica-manage tool.
- Create tool - Create man pages - Create unit tests - Update ipa-replica-manage not to try to work with CS instance
Ticket is related to ticket #1031
JR was very kind to agree to take this ticket.
Hrm: #4 Update ipa-replica-manage not to try to work with CS instance
Is ipa-replica-manage currently attempting to do anything at all with the CS instance?
Yes, AFAIK, it does. But it needs the DM password.
Replying to [comment:6 jraquino]:
Hrm: #4 Update ipa-replica-manage not to try to work with CS instance Is ipa-replica-manage currently attempting to do anything at all with the CS instance?
No, nothing at all, ipa-replica-manage is completely unaware of the CS instance.
Ah also, you may want to take a look at how ipa-replica-manage behaved before we change it to use GSSAPI auth for the replicas. As that's what you'll have to use with the CS instances.
Spent 8 hours yesterday trying to get a single successful replica install. Still no luck.
Continuing my efforts today.
Got the replicas installed. Trying to determine how the replica structure is handled for CertServ. There appears to be a container in cn=etc on the FreeIPA side of the fence, but its unclear if that is where the information regarding the CS Replica masters should be / are currently documented.
Theres a lot of areas that will need to strip out the gssapi dependency, and other areas where winsync can be ommited for the stand alone management tool.
attachment freeipa-rcrit-825-replicamanage.patch
master: 3fdca99
ipa-2-0: 268aad9
Metadata Update from @dpal: - Issue assigned to rcritten - Issue set to the milestone: FreeIPA 2.1 - 2011/07
Login to comment on this ticket.