install: We do not need a ldap password anymore

Our new ipa-kdb driver access ldap via ldapi:// and EXTERNAL auth and doesn't
need a bind password anymore.

Fixes: https://fedorahosted.org/freeipa/ticket/1743

3 files changed, 3 insertions, 11 deletions

diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install
index 6b97e0e93..a7c28c1ad 100755
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -129,7 +129,6 @@ def install_replica_ds(config):
 
 def install_krb(config, setup_pkinit=False):
     krb = krbinstance.KrbInstance()
-    ldappwd_filename = config.dir + "/ldappwd"
     kpasswd_filename = config.dir + "/kpasswd.keytab"
 
     #pkinit files
@@ -141,7 +140,7 @@ def install_krb(config, setup_pkinit=False):
     krb.create_replica(config.realm_name,
                        config.master_host_name, config.host_name,
                        config.domain_name, config.dirman_password,
-                       ldappwd_filename, kpasswd_filename,
+                       kpasswd_filename,
                        setup_pkinit, pkcs12_info)
 
 def install_ca_cert(config):
diff --git a/install/tools/ipa-replica-prepare b/install/tools/ipa-replica-prepare
index 0c88244b3..647252e49 100755
--- a/install/tools/ipa-replica-prepare
+++ b/install/tools/ipa-replica-prepare
@@ -214,7 +214,6 @@ def copy_files(realm_name, dir):
     config_dir = dsinstance.config_dirname(dsinstance.realm_to_serverid(realm_name))
 
     try:
-        shutil.copy("/var/kerberos/krb5kdc/ldappwd", dir + "/ldappwd")
         shutil.copy("/var/kerberos/krb5kdc/kpasswd.keytab", dir + "/kpasswd.keytab")
         shutil.copy("/usr/share/ipa/html/ca.crt", dir + "/ca.crt")
         if ipautil.file_exists("/usr/share/ipa/html/preferences.html"):
diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py
index 9956b9fb7..1f499006e 100644
--- a/ipaserver/install/krbinstance.py
+++ b/ipaserver/install/krbinstance.py
@@ -183,13 +183,12 @@ class KrbInstance(service.Service):
     def create_replica(self, realm_name,
                        master_fqdn, host_name,
                        domain_name, admin_password,
-                       ldap_passwd_filename, kpasswd_filename,
+                       kpasswd_filename,
                        setup_pkinit=False, pkcs12_info=None,
                        self_signed_ca=False, subject_base=None):
         self.pkcs12_info = pkcs12_info
         self.self_signed_ca = self_signed_ca
         self.subject_base = subject_base
-        self.__copy_ldap_passwd(ldap_passwd_filename)
         self.__copy_kpasswd_keytab(kpasswd_filename)
         self.master_fqdn = master_fqdn
 
@@ -212,11 +211,6 @@ class KrbInstance(service.Service):
         self.kpasswd = KpasswdInstance()
         self.kpasswd.create_instance('KPASSWD', self.fqdn, self.admin_password, self.suffix)
 
-    def __copy_ldap_passwd(self, filename):
-        self.fstore.backup_file("/var/kerberos/krb5kdc/ldappwd")
-        shutil.copy(filename, "/var/kerberos/krb5kdc/ldappwd")
-        os.chmod("/var/kerberos/krb5kdc/ldappwd", 0600)
-
     def __copy_kpasswd_keytab(self, filename):
         self.fstore.backup_file("/var/kerberos/krb5kdc/kpasswd.keytab")
         shutil.copy(filename, "/var/kerberos/krb5kdc/kpasswd.keytab")
@@ -463,7 +457,7 @@ class KrbInstance(service.Service):
         except:
             pass
 
-        for f in ["/var/kerberos/krb5kdc/ldappwd", "/var/kerberos/krb5kdc/kdc.conf", "/etc/krb5.conf"]:
+        for f in ["/var/kerberos/krb5kdc/kdc.conf", "/etc/krb5.conf"]:
             try:
                 self.fstore.restore_file(f)
             except ValueError, error: