URL:
https://github.com/freeipa/freeipa/pull/2299
Author: rcritten
Title: #2299: Retrieve certificate subject base directly instead of ipa-join
Action: opened
PR body:
"""
The subject base is used as a fallback to find the available
CA certificates during client enrollment if the LDAP connection
fails (e.g. due to new client connecting to very old server) and
for constructing the subject if a certificate is requested.
raw=True is passed to config-show in order to avoid parsing
the server roles which will fail because the services aren't
marked as enabled until after the client installation is
successful on a master.
ipa-join providing the subject base via stderr was fragile and
would cause client enrollment to fail if any other output was
included in stderr.
https://pagure.io/freeipa/issue/7674
Testing is handled by existing integration tests, both in plain installations and
--request-cert to ensure there is a subject base.
"""
To pull the PR as Git branch:
git remote add ghfreeipa
https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/2299/head:pr2299
git checkout pr2299