Bug 688345

Summary: Doc Review: need to document ldap publishing changes in 8.1
Product: Red Hat Certificate System
Component: Doc-administration-guide
Version: 8.1
Status: CLOSED CURRENTRELEASE
Severity: high
Priority: high
Reporter: Ade Lee <alee>
Assignee: Deon Ballard <dlackey>
QA Contact: ecs-bugs
CC: alee, awnuk, cfu, ckannan, jmagne, jskeoch, mharmsen
Target Milestone: rc
Hardware: All
OS: All
Doc Type: Bug Fix
Last Closed: 2012-06-04 20:31:08 UTC
Bug Blocks: 445047

Description Ade Lee 2011-03-16 20:27:44 UTC
Description of problem:
The changes are in 
https://bugzilla.redhat.com/show_bug.cgi?id=491183

They involve UI changes as well.  You'll need a console, and awnuk to explain them to you.



Comment 1 Deon Ballard 2011-03-22 16:28:59 UTC
As far as I could tell, the schema changes removed an option from the LDAP publishing config and changed the schema. This had a fairly minimal doc impact.

* I changed the object class in 7.4.1
* I updated the screenshot in 7.4.3

http://docs.redhat.com/docs/en-US/Red_Hat_Certificate_System/8.1/html/Admin_Guide/Configuring_Publishers_for_LDAP_Publishing.html

* I updated the object class in the publishing module reference
http://docs.redhat.com/docs/en-US/Red_Hat_Certificate_System/8.1/html/Admin_Guide/Publishing_Module_Reference.html#LdapCaCertPublisher

Comment 2 Ade Lee 2011-04-06 14:32:33 UTC
I'm going to defer to awnuk to review this.  But it is not true that the objectClass *has to be* pkiCA.  The old object classes are just as valid.

Also, it is possible (and sometimes desirable) to have multiple objectclasses.

Comment 3 Deon Ballard 2011-04-29 18:13:29 UTC
Emailed to me from Andrew Wnuk, 4/27/11:

1. In "7.4.1. Configuring the LDAP Directory" there is a table with 3 columns: "Certificate Type", "Schema", and "Reason".
"Certificate Type" does not match the values placed in this column: "End-entity", "CA", "CRL".

I would replace "Certificate Type" with "Object Type" and update the values to be "End-entity certificate", "CA certificate", "CRL".

2. In the above table, a row for the delta CRL is missing.
"Object Type": deltaCRL
"Schema":      deltaRevocationList;binary (attribute)
"Reason":      This is the attribute to which the Certificate Manager publishes the delta CRL.
The Certificate Manager publishes the delta CRL to its own LDAP directory entry. The entry corresponds to the Certificate Manager's issuer name.
This is an attribute of the deltaCRL or certificationAuthority-V2 object class. The value of the attribute is the DER-encoded binary X.509 deltaCRL.

3. In "C.1.5. LdapDeltaCrlPublisher" "deltaCRL attribute" should be replaced with "deltaRevocationList attribute"
and "deltaCRL;binary" should be replaced with "deltaRevocationList;binary"

4. In "C.1.7. OCSPPublisher" the "path" should be "/ocsp/agent/ocsp/addCRL" and there is nothing about the certificate nickname required for client auth.
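
The object class and attribute relationships raised in comments 2 and 3, as an added example that is not part of the bug report or of the Certificate System code: it checks that every published PKI attribute on a directory entry is permitted by at least one of the entry's object classes. The schema table restates RFC 4523, and the function names and sample entries are constructed for illustration.

```python
# Added example. ALLOWED restates the RFC 4523 MUST/MAY attribute lists;
# the LDIF entries below are constructed, not taken from a real directory.
CA_ATTRS = {"cacertificate", "certificaterevocationlist",
            "authorityrevocationlist", "crosscertificatepair"}
ALLOWED = {
    "pkica": CA_ATTRS,
    "certificationauthority": CA_ATTRS,
    "certificationauthority-v2": CA_ATTRS | {"deltarevocationlist"},
    "deltacrl": {"deltarevocationlist"},
    "pkiuser": {"usercertificate"},
}
PUBLISHED = CA_ATTRS | {"deltarevocationlist", "usercertificate"}

def parse_entry(ldif):
    """Return (object classes, attribute names) of one LDIF entry, lowercased."""
    classes, attrs = set(), set()
    for line in ldif.strip().splitlines():
        if line.startswith((" ", "#")) or ":" not in line:
            continue  # folded continuation line or comment
        name, rest = line.split(":", 1)
        value = rest.lstrip(":").strip()      # "::" marks a base64 value
        base = name.split(";")[0].lower()     # drop options such as ;binary
        if base == "objectclass":
            classes.add(value.lower())
        else:
            attrs.add(base)
    return classes, attrs

def unsupported_attributes(ldif):
    """Published PKI attributes that no object class on the entry permits."""
    classes, attrs = parse_entry(ldif)
    permitted = set().union(*(ALLOWED.get(c, set()) for c in classes))
    return sorted((attrs & PUBLISHED) - permitted)

# Constructed CA entry using an old object class, with a delta CRL published.
OLD_CLASS_ENTRY = """
dn: ou=Example CA,o=example
objectClass: top
objectClass: organizationalUnit
objectClass: certificationAuthority
cACertificate;binary:: MIIB
certificateRevocationList;binary:: MIIB
deltaRevocationList;binary:: MIIB
"""
# Same entry with a second auxiliary class added, as comment 2 allows.
MULTI_CLASS_ENTRY = OLD_CLASS_ENTRY + "objectClass: deltaCRL\n"
PKICA_ENTRY = OLD_CLASS_ENTRY.replace("certificationAuthority", "pkiCA")
```

Running `unsupported_attributes` over an exported CA entry before enabling the delta CRL publisher shows whether the entry needs an additional object class.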

Comment 5 Deon Ballard 2011-05-19 18:16:09 UTC
Changing MODIFIED bugs to ON_QA.