Bug 675742
Summary: | Profile caIPAserviceCert Not Found | |
---|---|---|---
Product: | [Retired] freeIPA | Reporter: | Rob Crittenden <rcritten>
Component: | ipa-server | Assignee: | Rob Crittenden <rcritten>
Status: | CLOSED ERRATA | QA Contact: | Chandrasekar Kannan <ckannan>
Severity: | urgent | Docs Contact: |
Priority: | unspecified | |
Version: | 2.0 | CC: | awnuk, benl, dpal, jgalipea
Target Milestone: | v2 release | |
Target Release: | --- | |
Hardware: | Unspecified | |
OS: | Unspecified | |
Whiteboard: | | |
Fixed In Version: | freeipa-2.1.0-1.fc15 | Doc Type: | Bug Fix
Doc Text: | | Story Points: | ---
Clone Of: | | |
: | 675789 | Environment: |
Last Closed: | 2012-03-28 09:26:56 UTC | Type: | ---
Regression: | --- | Mount Type: | ---
Documentation: | --- | CRM: |
Verified Versions: | | Category: | ---
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: |
Cloudforms Team: | --- | Target Upstream Version: |
Embargoed: | | |
Bug Depends On: | | |
Bug Blocks: | 541012, 675789 | |
Attachments: | | |

Description
Rob Crittenden
2011-02-07 15:38:09 UTC
Created attachment 477436
caIPAserviceCert.cfg

IPA installer modifies caIPAserviceCert profile by adding instance specific names, for example:

    policyset.serverCertSet.1.default.params.name= CN=$request.req_subject_name.cn$, O=SJC.REDHAT.COM

or

    policyset.serverCertSet.9.default.params.crlDistPointsPointName_0= https://works4me.sjc.redhat.com/ipa/crl/MasterCRL.bin

The above modifications are also causing a change of file ownership from

    -rw-rw----. 1 pkiuser pkiuser 6215 Feb 1 14:04 caIPAserviceCert.cfg

to

    -rw-rw----. 1 root root 6215 Feb 1 14:04 caIPAserviceCert.cfg

IPA installer after profile update should run a command like "chown pkiuser:pkiuser caIPAserviceCert.cfg" to recover the original file ownership. Note that user and group names have to be synchronized with the parameters used by pkicreate.

    pkicreate -pki_instance_root=/var/lib \
        -pki_instance_name=pki-ca \
        -subsystem_type=ca \
        -agent_secure_port=9443 \
        -ee_secure_port=9444 \
        -ee_secure_client_auth_port=9446 \
        -admin_secure_port=9445 \
        -unsecure_port=9180 \
        -tomcat_server_port=9701 \
        -user=pkiuser \
        -group=pkiuser \
        -redirect conf=/etc/pki-ca \
        -redirect logs=/var/log/pki-ca \
        -verbose

master: 95b0563817c20bd7d7d82719d8baf8eac2bc9098
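
The failure mode in this report, sketched as an added example (not FreeIPA's code and not the fix that was committed): a profile update that reads the file's owner, group and mode before rewriting it and restores them on the replacement, so a root-run installer does not leave the file unreadable to the CA's service user. The function name `update_profile` and the sample values are assumptions made for illustration.

```python
import os
import stat
import tempfile


def update_profile(path, updates):
    """Rewrite key=value lines in a profile, keeping owner, group and mode.

    `updates` maps profile keys to new values (hypothetical helper).
    Returns the os.stat_result of the rewritten file.
    """
    before = os.stat(path)  # identity to restore, e.g. pkiuser:pkiuser 0660
    remaining = dict(updates)
    lines = []
    with open(path, "r", encoding="utf-8") as src:
        for line in src:
            key, sep, _ = line.partition("=")  # values may contain '=' too
            key = key.strip()
            if sep and key in remaining:
                line = "%s=%s\n" % (key, remaining.pop(key))
            lines.append(line)
    if lines and not lines[-1].endswith("\n"):
        lines[-1] += "\n"
    # Keys that were not in the file yet are appended.
    lines.extend("%s=%s\n" % item for item in remaining.items())

    # Temp file in the same directory so os.replace() is an atomic rename.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as dst:
            dst.writelines(lines)
            dst.flush()
            # mkstemp() yields a 0600 file owned by the caller (root in an
            # installer); restore the original identity before the swap.
            os.fchown(dst.fileno(), before.st_uid, before.st_gid)
            os.fchmod(dst.fileno(), stat.S_IMODE(before.st_mode))
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise
    return os.stat(path)


if __name__ == "__main__":
    # Constructed sample profile, not the attachment from this bug.
    demo = os.path.join(tempfile.mkdtemp(), "caIPAserviceCert.cfg")
    with open(demo, "w", encoding="utf-8") as f:
        f.write("policyset.serverCertSet.1.default.params.name=CN=old\n")
    st = update_profile(demo, {"policyset.serverCertSet.1.default.params.name":
                               "CN=$request.req_subject_name.cn$, O=EXAMPLE.TEST"})
    print(st.st_uid, st.st_gid, oct(stat.S_IMODE(st.st_mode)))
```
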