Bug 1410760 – ipa-ca-install fails on replica when IPA Master is installed without CA

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 1410760 - ipa-ca-install fails on replica when IPA Master is installed without CA

Summary:	ipa-ca-install fails on replica when IPA Master is installed without CA

Status:	CLOSED ERRATA

Aliases:	None

Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	ipa (Show other bugs)
Sub Component:
Version:	7.3
Hardware:	Unspecified Unspecified

Priority	high Severity high
Target Milestone:	rc
Target Release:	---
Assigned To:	IPA Maintainers
QA Contact:	Kaleem
Docs Contact:	Marc Muehlfeld

URL:
Whiteboard:
Keywords:	ZStream

Depends On:	1365858
Blocks:
	Show dependency tree / graph

Reported:	2017-01-06 06:59 EST by Jaroslav Reznik
Modified:	2017-03-02 12:25 EST (History)
CC List:	13 users (show)

See Also:
Fixed In Version:	ipa-4.4.0-14.el7_3.5
Doc Type:	Bug Fix
Doc Text:	Previously, during an Identity Management (IdM) replica installation that runs on domain level "1" or higher, Directory Server was not configured to use TLS encryption. As a consequence, installing a certificate authority (CA) on that replica failed. Directory Server is now configured to use TLS encryption during the replica installation and as a result, the CA installation works as expected.
Story Points:	---
Clone Of:	1365858
Environment:
Last Closed:	2017-03-02 12:25:47 EST
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
console.log (20.82 KB, text/plain) 2017-02-01 11:10 EST, Abhijeet Kasurde	no flags	Details
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2017:0388	normal	SHIPPED_LIVE	Moderate: ipa security and bug fix update	2017-03-02 17:06:32 EST

Groups: None (edit)

Description Jaroslav Reznik 2017-01-06 06:59:22 EST

This bug has been copied from bug #1365858 and has been proposed
to be backported to 7.3 z-stream (EUS).

Comment 3 Petr Vobornik 2017-01-06 12:42:02 EST

Fixed upstream
ipa-4-4:
https://fedorahosted.org/freeipa/changeset/cdb6ffb779b7e1e563494eb3234b2441ba74d692

Comment 5 Abhijeet Kasurde 2017-02-01 11:10 EST

Created attachment 1246712 [details]
console.log

Comment 6 Abhijeet Kasurde 2017-02-01 11:12:06 EST

Verified using IPA version::
ipa-server-4.4.0-14.el7_3.6.x86_64

Marking BZ as verified, please see attachment for console.log.

Comment 14 errata-xmlrpc 2017-03-02 12:25:47 EST

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2017-0388.html

Note You need to log in before you can comment on or make changes to this bug.