Removing a server from the tree NDSPKI:SD Key Server DN

A procedural question:

I've run SDIDIAG and my servers are well-behaved in regards to keys. (Thanks to AB for the TKInfo Tool (v2)!)

I have nine servers listed under the NDSPKI:SD Key Server DN attribute of the W0. I am cleaning out old servers, and a number of them are in this list. I'll still have at least two servers left to do key duty after removing the old ones, so I'm not concerned about that.

My question is: should I delete a given server from the Key Server DN list before I remove that server from the tree? Or does removing the server from the tree do that as part of its cleanup?

Thanks in advance for the help -

Karla B
  • On 04/07/2016 11:26 AM, kborecky wrote:
    >
    > A procedural question:
    >
    > I've run SDIDIAG and my servers are well-behaved in regards to keys.
    > (Thanks to AB for the TKInfo Tool (v2)!)


    You're welcome.

    > I have nine servers listed under the *NDSPKI:SD Key Server DN* attribute
    > of the W0. I am cleaning out old servers, and a number of them are in
    > this list. I'll still have at least two servers left to do key duty
    > after removing the old ones, so I'm not concerned about that.
    >
    > My question is: should I delete a given server from the Key Server DN
    > list before I remove that server from the tree? Or does removing the
    > server from the tree do that as part of its cleanup?


    No, this attribute is of type DN, so when you delete the NCP Server
    objects from the tree, this will auto-clean. Sure, you can clean ahead of
    time, but it's probably not worth the effort, or risk of accidentally
    deleting something unintended.

    --
    Good luck.

    If you find this post helpful and are logged into the web interface,
    show your appreciation and click on the star below...
  • Thank you - that's what I figured. And yes - duh - a DN is going to clear out when the object goes away, of course.