)]}'
{"deploy-guide/source/features/tls-everywhere.rst":[{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"4c1a678b3d3d87252d6b24f31566c66f17c07314","unresolved":false,"context_lines":[{"line_number":89,"context_line":""},{"line_number":90,"context_line":"Please refer to ``ipa-server-install --help`` for specifics on each argument."},{"line_number":91,"context_line":""},{"line_number":92,"context_line":"Also, you will need to configure IPA to immediaely publish a CRL, and restart"},{"line_number":93,"context_line":"IPA.::"},{"line_number":94,"context_line":""},{"line_number":95,"context_line":"    sed -i -e \\"}],"source_content_type":"text/x-rst","patch_set":1,"id":"ff570b3c_01c70566","line":92,"range":{"start_line":92,"start_character":40,"end_line":92,"end_character":50},"updated":"2020-05-18 17:36:23.000000000","message":"nit: immediately*\n\nWe could update this to say:\n\n\"By default, FreeIPA doesn\u0027t publish it\u0027s Certificate Revocation List on startup. This is required for overclouds nodes to retrieve certificates from FreeIPA.\"","commit_id":"4939165af0e9969b7d9b144c3a6a10038fd96c66"},{"author":{"_account_id":5046,"name":"Lance Bragstad","email":"lbragstad@redhat.com","username":"ldbragst"},"change_message_id":"4c1a678b3d3d87252d6b24f31566c66f17c07314","unresolved":false,"context_lines":[{"line_number":101,"context_line":"ACL to allow for the proper generation of certificates with a IP SAN.::"},{"line_number":102,"context_line":""},{"line_number":103,"context_line":"    cat \u003c\u003c EOF | ldapmodify -x -D \"cn\u003dDirectory Manager\" -w $DIRECTORY_MANAGER_PASSWORD"},{"line_number":104,"context_line":"    dn: cn\u003ddns,dc\u003dredhat,dc\u003dlocal"},{"line_number":105,"context_line":"    changetype: modify"},{"line_number":106,"context_line":"    add: aci"},{"line_number":107,"context_line":"    aci: (targetattr \u003d \"aaaarecord || arecord || cnamerecord || idnsname || objectclass || ptrrecord\")(targetfilter \u003d \"(\u0026(objectclass\u003didnsrecord)(|(aaaarecord\u003d*)(arecord\u003d*)(cnamerecord\u003d*)(ptrrecord\u003d*)(idnsZoneActive\u003dTRUE)))\")(version 3.0; acl \"Allow hosts to read DNS A/AAA/CNAME/PTR records\"; allow (read,search,compare) userdn \u003d \"ldap:///fqdn\u003d*,cn\u003dcomputers,cn\u003daccounts,dc\u003dredhat,dc\u003dlocal\";)"}],"source_content_type":"text/x-rst","patch_set":1,"id":"ff570b3c_81af957b","line":104,"range":{"start_line":104,"start_character":18,"end_line":104,"end_character":24},"updated":"2020-05-18 17:36:23.000000000","message":"I think this should be example?","commit_id":"4939165af0e9969b7d9b144c3a6a10038fd96c66"}]}