nsslapd-lastmod attributes are not getting populated in Directory Server 7.1 when updated from CS7.1
Environment
Red Hat Directory Server 7.1
Red Hat Certificate System 7.1
Issue
- Whenever CRLs are updated, the nsslapd-lastmod attributes are not being populated
- The attributes not being populated are
- modifiersname
- modifytimestamp
- creatorsname
- createtimestamp
Resolution
This is the result of Bug 462922, which will be fixed in an upcoming CD8.1 errata. For DS7.1, use cn=tasks for imports
Root Cause
bug 462922
Diagnostic Steps
A new Root CA is planned to sign and be the trust point for new CAs that are installed on secure networks. In order to accommodate and differentiate these CAs (and their CRLs) from the CAs (and CRLs) that chain to the old Root CA, they created another backend to the "CRL" directory server instance. Therefore the CRL instance is now managing two backends.
The problem that backend was successfully created with no errors reported and CA entries are created. Whenever the CRLs are updated, the CRL attribute is also updated successfully. However, the nsslapd-lastmod attributes are not being populated. That is -
modifiersname
modifytimestamp
creatorsname
createtimestamp
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
Comments