summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRob Crittenden <rcritten@redhat.com>2011-02-17 22:53:53 -0500
committerRob Crittenden <rcritten@redhat.com>2011-02-18 10:00:03 -0500
commit7b7160452130a203622a7b0fd30e984add87ed87 (patch)
treedc9c1aa47bca148126e7fef6a94ecf6e464a9123
parentb7700ea815222b4de80741ad77b31707051300bd (diff)
downloadfreeipa-7b7160452130a203622a7b0fd30e984add87ed87.zip
freeipa-7b7160452130a203622a7b0fd30e984add87ed87.tar.gz
freeipa-7b7160452130a203622a7b0fd30e984add87ed87.tar.xz
Fix NSS initialization errors during ipa-replica-prepare
When enabling replication we make an SSL connection. I think the way this goes is python-ldap -> openldap -> NSS. It may be a problem in the openldap SSL client, maybe it isn't calling NSS_Shutdown(). In any case if we use ldapi instead the problem goes away. Back out the temporary code to ignore nss_shutdown errors. ticket 965
-rw-r--r--ipapython/nsslib.py6
-rw-r--r--ipaserver/install/replication.py2
2 files changed, 2 insertions, 6 deletions
diff --git a/ipapython/nsslib.py b/ipapython/nsslib.py
index fad65a3..129f1a0 100644
--- a/ipapython/nsslib.py
+++ b/ipapython/nsslib.py
@@ -126,11 +126,7 @@ class NSSConnection(httplib.HTTPConnection):
if nss.nss_is_initialized():
# close any open NSS database and use the new one
ssl.clear_session_cache()
- try:
- nss.nss_shutdown()
- except NSPRError, e:
- # FIXME: errors shouldn't be raised here
- logging.debug('nss_shutdown: %s', str(e))
+ nss.nss_shutdown()
nss.nss_init(dbdir)
ssl.set_domestic_policy()
nss.set_password_callback(self.password_callback)
diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py
index 0bf0e21..8158197 100644
--- a/ipaserver/install/replication.py
+++ b/ipaserver/install/replication.py
@@ -60,7 +60,7 @@ def enable_replication_version_checking(hostname, realm, dirman_passwd):
enabled then enable it and restart 389-ds. If it is enabled
the do nothing.
"""
- conn = ipaldap.IPAdmin(hostname, port=PORT, cacert=CACERT)
+ conn = ipaldap.IPAdmin(hostname, realm=realm, ldapi=True)
if dirman_passwd:
conn.do_simple_bind(bindpw=dirman_passwd)
else: