author | Jan Cholasta <jcholast@redhat.com> | 2014-09-02 11:28:16 +0200 |
---|---|---|
committer | Petr Viktorin <pviktori@redhat.com> | 2014-09-09 10:36:50 +0200 |
commit | 3acec1267ea3e1f4faa8757d384386d8035dd6cf (patch) | |
tree | af9595d9e1d389747096ecb748a3ac712b0e83e6 | |
parent | d2793a3ca50bc8a0788da4b6c26f1afdf52fada5 (diff) | |
Use autobind when updating CA people entries during certificate renewal
Requires fix for <https://bugzilla.redhat.com/show_bug.cgi?id=1122110>, bump
selinux-policy in the spec file.
https://fedorahosted.org/freeipa/ticket/4005
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
-rw-r--r-- | freeipa.spec.in | 2 | ||||
-rw-r--r-- | ipaserver/install/cainstance.py | 14 |
2 files changed, 4 insertions, 12 deletions
diff --git a/freeipa.spec.in b/freeipa.spec.in
index 1b9f3b5ac..8aa156c8b 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -109,7 +109,7 @@ Requires: dbus-python
 Requires: systemd-units >= 38
 Requires(pre): systemd-units
 Requires(post): systemd-units
-Requires: selinux-policy >= 3.12.1-176
+Requires: selinux-policy >= 3.12.1-179
 Requires(post): selinux-policy-base
 Requires: slapi-nis >= 0.47.7
 Requires: pki-ca >= 10.1.1
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index b6342a508..a18312227 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -1754,23 +1754,15 @@ def update_people_entry(dercert):
 issuer = x509.get_issuer(dercert, datatype=x509.DER)
 attempts = 0
- configured_constants = dogtag.configured_constants(api)
- dogtag_uri = 'ldap://localhost:%d' % configured_constants.DS_PORT
+ server_id = dsinstance.realm_to_serverid(api.env.realm)
+ dogtag_uri = 'ldapi://%%2fvar%%2frun%%2fslapd-%s.socket' % server_id
 updated = False
- try:
- dm_password = certmonger.get_pin('internaldb')
- except IOError, e:
- syslog.syslog(
- syslog.LOG_ERR, 'Unable to determine PIN for CA instance: %s' % e)
- return False
-
 while attempts < 10:
 conn = None
 try:
 conn = ldap2.ldap2(shared_instance=False, ldap_uri=dogtag_uri)
- conn.connect(
- bind_dn=DN(('cn', 'directory manager')), bind_pw=dm_password)
+ conn.connect(autobind=True)
 db_filter = conn.make_filter(
 {'description': ';%s;%s' % (issuer, subject)}, |
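Review bot: The new `conn.connect(autobind=True)` in `update_people_entry` makes the update depend on the caller's local identity, and nothing at the call site records that. The write to the CA people entry now succeeds only if the directory server's LDAPI autobind configuration maps the process uid to an identity allowed to modify that entry (presumably root mapped to Directory Manager, to be confirmed), and only if the confined renewal helper may reach the socket, which is what the selinux-policy bump in the description covers. I would add a comment above the connect, e.g. `# LDAPI autobind: no password is read; the local uid must map to a DN allowed to modify the CA people entries`, and check that the retry loop, whose body continues outside this hunk, logs a refused or unmapped bind instead of only retrying ten times. The socket URI is also built with hand-written `%%2f` escapes and an unquoted `server_id`, so a short comment giving the decoded path `/var/run/slapd-<serverid>.socket` would make the line easier to audit.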