After performing promotion of a replica from CA-less master and examining default.conf, we can see that RA backend is enabled and RA plugin is set to Dogtag 10:
[global] basedn = dc=ipa,dc=test realm = IPA.TEST domain = ipa.test host = replica1.ipa.test xmlrpc_uri = https://replica1.ipa.test/ipa/xml enable_ra = True ldap_uri = ldapi://%2Fvar%2Frun%2Fslapd-IPA-TEST.socket mode = production ra_plugin = dogtag dogtag_version = 10
These settings are rather pointless in an environment without CA. Instead, we should disable them during promotion as is done in domain level 0 replica installation.
Steps to reproduce:
Expected results:
The RA-related directives should look like this:
enable_ra = False ra_plugin = None
Actual results:
instead the Dogtag RA backend is happily enabled:
enable_ra = True ra_plugin = dogtag dogtag_version = 10
master:
ipa-4-3:
Metadata Update from @mbabinsk: - Issue assigned to mbabinsk - Issue set to the milestone: FreeIPA 4.3.1
Login to comment on this ticket.