Bug 750529
Summary: | Doc CS replication errors to avoid user from facing unexpected problems
---|---
Product: | Red Hat Enterprise Linux 7
Component: | ipa
Version: | 7.0
Status: | CLOSED CURRENTRELEASE
Severity: | unspecified
Priority: | unspecified
Target Milestone: | rc
Hardware: | Unspecified
OS: | Unspecified
Reporter: | Namita Soman <nsoman>
Assignee: | Martin Kosek <mkosek>
QA Contact: | IDM QE LIST <seceng-idm-qe-list>
CC: | dpal, jgalipea, mkosek
Doc Type: | Bug Fix
: | 750596
Last Closed: | 2015-01-16 12:09:52 UTC
Bug Blocks: | 750596, 756082
Description
Namita Soman
2011-11-01 13:52:48 UTC
Upstream ticket: https://fedorahosted.org/freeipa/ticket/2047

Here is a clearer way than I explained earlier.

You have IPA server A and server B, both have a dogtag CA installed.

There is a replication agreement between A and B for user, group, host, etc. data.

There is also a replication agreement between A and B because they both have a CA. This link shares the certificates issued between the two CAs.

If you break the dogtag replication agreement between the two they will still share the other IPA data. So if you issue a certificate for a host or service on host A then host B will not know about that certificate by serial number. The reverse is true as well. This is because there is no replication agreement between the CAs.

ipa-csreplica-manage and ipa-replica-manage already warn if last replication link is being created. I thus do not think this is no longer an issue. Some of the fixes were done for example in https://fedorahosted.org/freeipa/ticket/2858

I am thus closing this bug.