Check LDAP instead of local configuration to see if IPA CA is enabled

The check is done using a new hidden command ca_is_enabled.

https://fedorahosted.org/freeipa/ticket/4621

Reviewed-By: David Kupka <dkupka@redhat.com>

1 files changed, 3 insertions, 3 deletions

diff --git a/install/tools/ipa-ca-install b/install/tools/ipa-ca-install
index 0ea8cf24d..3934b0372 100755
--- a/install/tools/ipa-ca-install
+++ b/install/tools/ipa-ca-install
@@ -234,9 +234,6 @@ def install_master(safe_options, options):
     api.bootstrap(in_server=True)
     api.finalize()
 
-    if api.env.enable_ra:
-        sys.exit("CA is already installed.\n")
-
     dm_password = options.password
     if not dm_password:
         if options.unattended:
@@ -251,6 +248,9 @@ def install_master(safe_options, options):
     api.Backend.ldap2.connect(bind_dn=DN(('cn', 'Directory Manager')),
                               bind_pw=dm_password)
 
+    if api.Command.ca_is_enabled()['result']:
+        sys.exit("CA is already installed.\n")
+
     config = api.Command['config_show']()['result']
     subject_base = config['ipacertificatesubjectbase'][0]