URL: https://github.com/freeipa/freeipa/pull/2299 Author: rcritten Title: #2299: Retrieve certificate subject base directly instead of ipa-join Action: opened PR body: """ The subject base is used as a fallback to find the available CA certificates during client enrollment if the LDAP connection fails (e.g. due to new client connecting to very old server) and for constructing the subject if a certificate is requested. raw=True is passed to config-show in order to avoid parsing the server roles which will fail because the services aren't marked as enabled until after the client installation is successful on a master. ipa-join providing the subject base via stderr was fragile and would cause client enrollment to fail if any other output was included in stderr. https://pagure.io/freeipa/issue/7674 Testing is handled by existing integration tests, both in plain installations and --request-cert to ensure there is a subject base. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/2299/head:pr2299 git checkout pr2299