This bug is created as a clone of upstream ticket: https://fedorahosted.org/freeipa/ticket/4559 In RHEL 7.1, all certificates issued by IPA are interchangeably reusable in different environments, i.e. a certificate issued for mobile device can be used for VPN and vice versa. To scope certificates to a specific use without requiring additional access control knobs on behalf of the application that uses the certs, the profiles can be associated with a subCA. It should be possible to associate different profiles with different CAs so it should be a many to may relationship.
master: https://fedorahosted.org/freeipa/changeset/bc0c60688505968daf6851e3e179aab20e23af7d https://fedorahosted.org/freeipa/changeset/947af1a037609fa42cbfd794301d5a5c4061c81b
FreeIPA upstream project postponed the release to later release: https://fedorahosted.org/freeipa/ticket/4559#comment:8
master: https://fedorahosted.org/freeipa/changeset/fa149cff86a67ebfe2739df6467a6e10e47742cd
master: https://fedorahosted.org/freeipa/changeset/f94ccca6761f7dbe3f99855d181fe2cec380d476
master: https://fedorahosted.org/freeipa/changeset/b584ffa4ac9c61bad9e4e05e5b39bd0503e39dcd https://fedorahosted.org/freeipa/changeset/0d37d230c066f9eb703c81e0e21b1b6738703b41 https://fedorahosted.org/freeipa/changeset/b0d9a4728f0dc78e2bbde344beac17ae50b847a9 https://fedorahosted.org/freeipa/changeset/903a90fb4e7dc7eaddc1cc4f11083dad5c16db9b https://fedorahosted.org/freeipa/changeset/4660bb7ff0197649c8777151a3a2a5378929e842
master: https://fedorahosted.org/freeipa/changeset/3d4db834caa0688bcefc0092b7978402b783eaf3 https://fedorahosted.org/freeipa/changeset/7d8699580d44fc65ca50982107d7037f2a64aa60 https://fedorahosted.org/freeipa/changeset/9c93015e7877c27a573a5090f7c1c36130bb017b https://fedorahosted.org/freeipa/changeset/0b0c07858a11d0d5db859b321ba948ea6d0dfd65 https://fedorahosted.org/freeipa/changeset/ae6d5b79fbce83e5ded8d8d46108b193c164ac14 https://fedorahosted.org/freeipa/changeset/08e0aa23b0d2c7226472670b4d29d3cc5c5242d6 https://fedorahosted.org/freeipa/changeset/f0915e61986f545ad9b282fa90a4b1d0538829c5
Upstream ticket: https://fedorahosted.org/freeipa/ticket/5963
master: https://fedorahosted.org/freeipa/changeset/b59e82298ca0322713bc1dd947ba7a0ae79e44ce
master: https://fedorahosted.org/freeipa/changeset/47d33f36507d7af16daff5b9f7e4b4acfc6d963b
master: https://fedorahosted.org/freeipa/changeset/f0b1e37d2e048b5f375ec485e2b69e722a7bc7b7 https://fedorahosted.org/freeipa/changeset/67f13c82d877a9909ab89d3d30eeb7c966cc09e4 https://fedorahosted.org/freeipa/changeset/b720aa94e9317b857734c08a69fe2dcc0d95bf68 https://fedorahosted.org/freeipa/changeset/0078e7a9192a940104d8f6621b33d24d814c109b
Upstream ticket: https://fedorahosted.org/freeipa/ticket/5999
master: https://fedorahosted.org/freeipa/changeset/ffb1f5b1f24f0de30529d50f8c8dfb9a896c149e
master: https://fedorahosted.org/freeipa/changeset/0334693cfc56bc2788ea3b4f3cea9547c9c00340 https://fedorahosted.org/freeipa/changeset/3ac3882631564cd774114e61e607fffdbd667eee
master: https://fedorahosted.org/freeipa/changeset/4844eaec197690e21c6cf44743df7f456d0e185d
The core of the feature is finished. Moving to modified. There might be regression or minor parts missing. They should be tracked in separate bugzillas.
Following commits added tests in upstream 4.4.1 master: https://fedorahosted.org/freeipa/changeset/ea9b15f435c6327c6f642e3e8093796229d94598 https://fedorahosted.org/freeipa/changeset/5b37aaad7718bd0214053fd2e758ba7dc332e21d https://fedorahosted.org/freeipa/changeset/d88a12f1f59640bb6593169aa4c7ea204af18cee https://fedorahosted.org/freeipa/changeset/0277a89825cf0d8d1099f537d9eb4ab1020751d2
Observed BZ1368424
Created attachment 1192114 [details] tkt_4559.log
Created attachment 1192118 [details] tkt_5999.log
Created attachment 1192121 [details] tkt_5963.log
Verified using IPA version :: ipa-server-4.4.0-8.el7.x86_64 Marking RFE BZ as verified. Please see attached logs for console log.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2016-2404.html