diff options
| author | Jan Cholasta <jcholast@redhat.com> | 2013-08-29 08:44:43 +0200 |
|---|---|---|
| committer | Petr Viktorin <pviktori@redhat.com> | 2013-08-29 10:18:32 +0200 |
| commit | 7c66912824fbc2a4a2d1daf603b204fd7321bd8f (patch) | |
| tree | e895472ce408be070738038527b7fb257cec2255 | |
| parent | 9b200c7c728604018bc56638a3d5e86c29d69099 (diff) | |
| download | freeipa-7c66912824fbc2a4a2d1daf603b204fd7321bd8f.tar.gz freeipa-7c66912824fbc2a4a2d1daf603b204fd7321bd8f.tar.xz freeipa-7c66912824fbc2a4a2d1daf603b204fd7321bd8f.zip | |
Fix service-disable in CA-less install.
https://fedorahosted.org/freeipa/ticket/3886
| -rw-r--r-- | ipalib/plugins/service.py | 41 |
1 files changed, 21 insertions, 20 deletions
diff --git a/ipalib/plugins/service.py b/ipalib/plugins/service.py index b10054f0d..0a49d8d3d 100644 --- a/ipalib/plugins/service.py +++ b/ipalib/plugins/service.py @@ -624,27 +624,28 @@ class service_disable(LDAPQuery): done_work = False if 'usercertificate' in entry_attrs: - cert = x509.normalize_certificate(entry_attrs.get('usercertificate')[0]) - try: - serial = unicode(x509.get_serial_number(cert, x509.DER)) + if self.api.env.enable_ra: + cert = x509.normalize_certificate(entry_attrs.get('usercertificate')[0]) try: - result = api.Command['cert_show'](unicode(serial))['result'] - if 'revocation_reason' not in result: - try: - api.Command['cert_revoke'](unicode(serial), revocation_reason=4) - except errors.NotImplementedError: - # some CA's might not implement revoke - pass - except errors.NotImplementedError: - # some CA's might not implement revoke - pass - except NSPRError, nsprerr: - if nsprerr.errno == -8183: - # If we can't decode the cert them proceed with - # disabling the service - self.log.info("Problem decoding certificate %s" % nsprerr.args[1]) - else: - raise nsprerr + serial = unicode(x509.get_serial_number(cert, x509.DER)) + try: + result = api.Command['cert_show'](unicode(serial))['result'] + if 'revocation_reason' not in result: + try: + api.Command['cert_revoke'](unicode(serial), revocation_reason=4) + except errors.NotImplementedError: + # some CA's might not implement revoke + pass + except errors.NotImplementedError: + # some CA's might not implement revoke + pass + except NSPRError, nsprerr: + if nsprerr.errno == -8183: + # If we can't decode the cert them proceed with + # disabling the service + self.log.info("Problem decoding certificate %s" % nsprerr.args[1]) + else: + raise nsprerr # Remove the usercertificate altogether ldap.update_entry(dn, {'usercertificate': None}) |