Bug 688345 - Doc Review: need to document ldap publishing changes in 8.1
Summary: Doc Review: need to document ldap publishing changes in 8.1
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Certificate System
Classification: Red Hat
Component: Doc-administration-guide
Version: 8.1
Hardware: All
OS: All
Priority: high
Severity: high
Target Milestone: rc
Target Release: ---
Assignee: Deon Ballard
QA Contact: ecs-bugs
URL:
Whiteboard:
Depends On:
Blocks: 445047
Reported: 2011-03-16 20:27 UTC by Ade Lee
Modified: 2017-04-10 14:21 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-06-04 20:31:08 UTC
Target Upstream Version:



Description Ade Lee 2011-03-16 20:27:44 UTC
Description of problem:
The changes are in 
https://bugzilla.redhat.com/show_bug.cgi?id=491183

They involve UI changes as well.  You'll need a console, and awnuk to explain them to you.


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:

Comment 1 Deon Ballard 2011-03-22 16:28:59 UTC
As far as I could tell, the schema changes removed an option from the LDAP publishing config and changed the schema. This had a fairly minimal doc impact.

* I changed the object class in 7.4.1
* I updated the screenshot in 7.4.3

http://docs.redhat.com/docs/en-US/Red_Hat_Certificate_System/8.1/html/Admin_Guide/Configuring_Publishers_for_LDAP_Publishing.html

* I updated the object class in the publishing module reference
http://docs.redhat.com/docs/en-US/Red_Hat_Certificate_System/8.1/html/Admin_Guide/Publishing_Module_Reference.html#LdapCaCertPublisher

Comment 2 Ade Lee 2011-04-06 14:32:33 UTC
I'm going to defer to awnuk to review this.  But it is not true that the objectClass *has to be* pkiCA.  The old object classes are just as valid.

Also, it is possible (and sometimes desirable) to have multiple objectclasses.

Comment 3 Deon Ballard 2011-04-29 18:13:29 UTC
Emailed to me from Andrew Wnuk, 4/27/11:

1. In "7.4.1. Configuring the LDAP Directory" there is a table with 3 columns: "Certificate Type", "Schema", and "Reason".
"Certificate Type" is not matching values placed in this column: "End-entity", "CA", "CRL".

I would replace "Certificate Type" with "Object Type" and update values to be "End-entity certificate", "CA certificate", "CRL"

2. In the above table there is a missing row designated for the delta CRL.
"Object Type": deltaCRL
"Schema":      deltaRevocationList;binary(attribute)
"Reason":      This is the attribute to which the Certificate Manager publishes the delta CRL.
The Certificate Manager publishes the delta CRL to its own LDAP directory entry. The entry corresponds to the Certificate Manager's issuer name.
This is an attribute of the deltaCRL or certificationAuthority-V2 object class. The value of the attribute is the DER-encoded binary X.509 deltaCRL.

3. In "C.1.5. LdapDeltaCrlPublisher" "deltaCRL attribute" should be replaced with "deltaRevocationList attribute"
and "deltaCRL;binary" should be replaced with "deltaRevocationList;binary"

4. In "C.1.7. OCSPPublisher" the "path" should be "/ocsp/agent/ocsp/addCRL" and there is nothing about certificate nickname required for client auth.
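An added example, not part of the original bug thread or of Certificate System: a check that an LDAP entry's object classes permit the publishing attributes discussed in comments 2 and 3, including `deltaRevocationList;binary`. The object class definitions are a subset taken from RFC 4523; the entry DN, the `sample` helper and the attribute values are constructed for illustration.

```python
import base64

CA_ATTRS = {"cacertificate", "certificaterevocationlist",
            "authorityrevocationlist", "crosscertificatepair"}
# Subset of RFC 4523 object classes: name -> (superior class, attributes it permits)
SCHEMA = {
    "pkiuser": (None, {"usercertificate"}),
    "pkica": (None, CA_ATTRS),
    "deltacrl": (None, {"deltarevocationlist"}),
    "certificationauthority": (None, CA_ATTRS),
    "certificationauthority-v2": ("certificationauthority", {"deltarevocationlist"}),
}
PUBLISHED = CA_ATTRS | {"usercertificate", "deltarevocationlist"}

def parse_ldif_entry(text):
    """Parse one unfolded LDIF entry into (object classes, {attribute: [bytes]})."""
    classes, attrs = set(), {}
    for line in text.strip().splitlines():
        name, _, raw = line.partition(":")
        # "attr:: value" carries base64 data, "attr: value" carries plain text
        data = base64.b64decode(raw[1:].strip()) if raw.startswith(":") else raw.strip().encode()
        base = name.split(";")[0].lower()  # drop options such as ";binary"
        if base == "objectclass":
            classes.add(data.decode().lower())
        else:
            attrs.setdefault(base, []).append(data)
    return classes, attrs

def allowed_attributes(classes):
    """Union of the attributes permitted by each class and its superiors."""
    allowed = set()
    for oc in classes:
        while oc in SCHEMA:
            oc, permitted = SCHEMA[oc]
            allowed |= permitted
    return allowed

def publishing_problems(text):
    """List publishing attributes the entry's classes do not permit or that are not DER."""
    classes, attrs = parse_ldif_entry(text)
    allowed = allowed_attributes(classes)
    used = sorted(a for a in attrs if a in PUBLISHED)
    found = [f"{a}: no object class on the entry permits it" for a in used if a not in allowed]
    found += [f"{a}: value is not a DER SEQUENCE" for a in used
              if any(not v.startswith(b"\x30") for v in attrs[a])]
    return found

def sample(*classes):
    """Constructed CA entry; MAMCAQE= is placeholder DER bytes, not a real certificate or CRL."""
    head = "dn: cn=Example CA,o=example\n" + "".join(f"objectClass: {c}\n" for c in classes)
    return head + "cACertificate;binary:: MAMCAQE=\ndeltaRevocationList;binary:: MAMCAQE=\n"
```

An entry carrying only `pkiCA` is reported for `deltaRevocationList`, while adding `deltaCRL` alongside it, or using `certificationAuthority-V2` alone, passes.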

Comment 5 Deon Ballard 2011-05-19 18:16:09 UTC
Changing MODIFIED bugs to ON_QA.

