Can we add the CA mastery or CA replica to an IPA v4 server that is a replica and later
promote to CA mastery? We have a IPA v3 server that has been the only CA master for
several years. We have a recent IPAv4 replica that was set up without DNS or CA or NTP at
the point of creation, so only the LDAP is in the replication agreement. We are trying to
retire the IPA v3 servers and have a new replication pair in IPA v4 without breaking the
realm and all our clients and users records. We keep running into walls and roadblocks as
we try to build a procedure we can execute in an off-hours maintenance window.
Steven Auerbach
Assistant Director of Information Systems
Information Technology & Security
State University System of Florida
Board of Governors
325 W. Gaines Street
Tallahassee, Florida 32399
(850) 245-9592
www.flbog.edu<http://www.flbog.edu/>
[Graphic for Email]