I re-run the upgrade script and that fixed it. Thank you very much Alexander!
On 27 February 2016 at 21:46, Alessandro De Maria < [email protected]> wrote: > Yes that looks exactly like it, thank you. > Are you aware of a workaround available? Like changing manually the CS.cfg? > > > On 27 February 2016 at 21:40, Alexander Bokovoy <[email protected]> > wrote: > >> On Sat, 27 Feb 2016, Alessandro De Maria wrote: >> >>> great that explains a lot! Thank you. >>> >>> My hunt for > 4.2.0 was just because in the release note for 4.2.1 it >>> had: >>> >>> - Various fixes for new Certificates Profiles feature >>> >>> >>> So I immediately assumed the problem I might be experiencing could be >>> fixed >>> by an upgrade (I have tried everything else I know) >>> >>> But thank you this is already very helpful. >>> >>> I hope I can find some other pointed to understand my issue then. >>> >> I think you are hitting https://fedorahosted.org/freeipa/ticket/5682 >> >> commit 704319c3eaf74e0531dd2aa1e5880db7b6ab830c >> Author: Martin Babinsky <[email protected]> >> Date: Mon Feb 22 13:35:41 2016 +0100 >> >> upgrade: unconditional import of certificate profiles into LDAP >> During IPA server upgrade, the migration of Dogtag profiles into >> LDAP >> backend was bound to the update of CS.cfg which enabled the LDAP >> profile >> subsystem. If the subsequent profile migration failed, the subsequent >> upgrades were not executing the migration code leaving CA subsystem in >> broken state. Therefore the migration code path should be executed >> regardless of the status of the main Dogtag config file. >> https://fedorahosted.org/freeipa/ticket/5682 >> Reviewed-By: Fraser Tweedale <[email protected]> >> Reviewed-By: Jan Cholasta <[email protected]> >> >> This should be part of 4.2.4 release and will eventually make into >> RHEL/CentOS updates. >> >> -- >> / Alexander Bokovoy >> > > > > -- > Alessandro De Maria > [email protected] > -- Alessandro De Maria [email protected]
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
