768284 – Update dogtag ports when upgrading proxy config

Bug 768284 - Update dogtag ports when upgrading proxy config

Summary: Update dogtag ports when upgrading proxy config

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	ipa
Sub Component:
Version:	6.3
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	Rob Crittenden
QA Contact:	IDM QE LIST
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2011-12-16 08:38 UTC by Martin Kosek
Modified:	2012-02-22 18:09 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2012-02-22 18:09:53 UTC
Target Upstream Version:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Martin Kosek 2011-12-16 08:38:16 UTC

This bug is created as a clone of upstream ticket:
https://fedorahosted.org/freeipa/ticket/2148

The proxy script failed to do is update the security domain entry stored in ldap for the master. This leaves the ports as 9xxx so if you go to create a clone against that server you'll get an invalid clone_uri error.

You can fix this by going into ldap and changing the relevant security domain entries for all the CA's that have been converted to use the proxy to use the proxy ports instead.  They will be under ou=security domain, $basedn.  They will basically all be 443, except for UnscurePort which will be 80.

Comment 1 Rob Crittenden 2012-02-22 18:09:53 UTC

This only happens when upgrading from 2.0 to 2.1. Since we don't support this in RHEL closing as won't fix.

Note You need to log in before you can comment on or make changes to this bug.