On 06/07/2013 08:57 AM, Jan Cholasta wrote:
Yes, this is correct. The DS certificate must be directly signed by the CA trusted by IPA (specified by --root-ca-cert in ipa-server-install), there may be no intermediate CAs, because ldapsearch and friends and python-ldap don't like them.
That doesn't sound right. Do we understand why a chain length > 1 is failing?
John _______________________________________________ Freeipa-devel mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-devel
