URL: https://github.com/freeipa/freeipa/pull/355 Title: #355: Set up DS TLS on replica in CA-less topology
tomaskrizek commented: """ 89de60c was reveted because while it fixed this particular use case, it broke others. IIRC it broke regular replica promotion with CA. The proper fix is not yet ready, nor on the IPA side (#41 is a step in the right direction, but it also requires some more code fixes, especially properly closing some ad hoc LDAP connections), nor on the NSS side (ETA unknown). If this patch works and doesn't break other use cases, I would merge it and keep the ticket open. After the NSS bug is fixed, we can fix this properly. """ See the full comment at https://github.com/freeipa/freeipa/pull/355#issuecomment-268278842
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
