[Freeipa-devel] [freeipa PR#1008][opened] Fix ipa-server-upgrade: This entry already exists

URL: https://github.com/freeipa/freeipa/pull/1008 Author: flo-renaud Title: #1008: Fix ipa-server-upgrade: This entry already exists Action: opened PR body: """ ipa-server-upgrade fails when running the ipaload_cacrt plugin. The plugin finds all CA certificates in /etc/httpd/alias and uploads them in LDAP below cn=certificates,cn=ipa,cn=etc,$BASEDN. The issue happens because there is already an entry in LDAP for IPA CA, but with a different DN. The nickname in /etc/httpd/alias can differ from $DOMAIN IPA CA. To avoid the issue: 1/ during upgrade, run a new plugin that removes duplicates and restarts ldap (to make sure that uniqueness attr plugin is working after the new plugin) 2/ modify upload_cacert plugin so that it is using $DOMAIN IPA CA instead of cn=$nickname,cn=ipa,cn=etc,$BASEDN when uploading IPA CA. https://pagure.io/freeipa/issue/7125 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1008/head:pr1008 git checkout pr1008