URL:
https://github.com/freeipa/freeipa/pull/2326
Author: flo-renaud
Title: #2326: ipa-replica-install: fix pkinit setup
Action: opened
PR body:
"""
### ipa-replica-install: fix pkinit setup
commit 7284097 (Delay enabling services until end of installer)
introduced a regression in replica installation.
When the replica requests a cert for PKINIT, a check is done
to ensure that the hostname corresponds to a machine with a
KDC service enabled (ipaconfigstring attribute of
cn=KDC,cn=<hostname>,cn=masters,cn=ipa,cn=etc,$BASEDN must contain
'enabledService').
With the commit mentioned above, the service is set to enabled only
at the end of the installation.
The fix makes a less strict check, ensuring that 'enabledService'
or 'configuredService' is in ipaconfigstring.
Fixes:
https://pagure.io/freeipa/issue/7566
### Tests: test successful PKINIT install on replica
Add a test checking that ipa-replica-install successfully configures
PKINIT on the replica
"""
To pull the PR as Git branch:
git remote add ghfreeipa
https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/2326/head:pr2326
git checkout pr2326