freeipa

Clone
Source Code
GIT

#6406 Use common mechanism for setting up initial replication in both domain levels
Closed: Fixed None Opened 7 years ago by mbabinsk.

Closed: Fixed
Reopen Issue

Replica installers use different method to set up replication agreements and do initial sync in domain level 0 and domain level 1, respectively:

  • in DL0 the agreements are created using simple binds/STARTTLS and are converted to use SASL/GSSAPI mech later during KDC install

  • in DL1 the agreements are configured to use GSSAPI right away

Preliminary prototyping shows that both domain levels may share the mechanism used in DL1 after some adjustments are made regarding service keytab retrieval (see #6405). This helps to keep the amount of DL-specific code at minimum.

Care must be taken to ensure that the common mechanism works against older masters.

Part of the installer refactoring effort.

master:

  • 9d7943f Turn replication manager group into ReplicationManager class member
  • 3dc9ab1 replication: augment setup_promote_replication method
  • cf6048a replication: refactor the code setting principals as replica bind DNs
  • 8378e1e ensure that the initial sync using GSSAPI works agains old masters
  • ce2bb47 Use common procedure to setup initial replication in both domain levels

Metadata Update from @mbabinsk:
- Issue assigned to mbabinsk
- Issue set to the milestone: FreeIPA 4.5
7 years ago

Login to comment on this ticket.

Metadata
None
None
None
normal
None
None
None
None
defect
#6405
None
Installation
#6392
None
None
None
None
None
0
None
None
None
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.