diff options
author | Simo Sorce <ssorce@redhat.com> | 2008-08-11 16:15:30 -0400 |
---|---|---|
committer | Simo Sorce <ssorce@redhat.com> | 2008-08-13 15:36:57 -0400 |
commit | f5177e6b84a44d417e0e37df40fe92f62de9262d (patch) | |
tree | 0f3c76c38cdc45fda14582d29fbc1b500ef6bec8 /ipa-server/ipaserver | |
parent | 0d6b6fa084830c9c93ee2a53707b6697f6cbcfa9 (diff) | |
download | freeipa-f5177e6b84a44d417e0e37df40fe92f62de9262d.tar.gz freeipa-f5177e6b84a44d417e0e37df40fe92f62de9262d.tar.xz freeipa-f5177e6b84a44d417e0e37df40fe92f62de9262d.zip |
Install the ca.crt file early on so that we can always enforce SSL
protected connections to other LDAP servers
Fix error reporting on replica creation.
Diffstat (limited to 'ipa-server/ipaserver')
-rw-r--r-- | ipa-server/ipaserver/ipaldap.py | 2 | ||||
-rw-r--r-- | ipa-server/ipaserver/replication.py | 22 |
2 files changed, 9 insertions, 15 deletions
diff --git a/ipa-server/ipaserver/ipaldap.py b/ipa-server/ipaserver/ipaldap.py index 04e86680c..3006d479b 100644 --- a/ipa-server/ipaserver/ipaldap.py +++ b/ipa-server/ipaserver/ipaldap.py @@ -270,7 +270,9 @@ class IPAdmin(SimpleLDAPObject): ldap.set_option(ldap.OPT_DEBUG_LEVEL,255) if cacert is not None: ldap.set_option(ldap.OPT_X_TLS_CACERTFILE,cacert) + if bindcert is not None: ldap.set_option(ldap.OPT_X_TLS_CERTFILE,bindcert) + if bindkey is not None: ldap.set_option(ldap.OPT_X_TLS_KEYFILE,bindkey) self.__wrapmethods() diff --git a/ipa-server/ipaserver/replication.py b/ipa-server/ipaserver/replication.py index d8bb60066..d3b1551c8 100644 --- a/ipa-server/ipaserver/replication.py +++ b/ipa-server/ipaserver/replication.py @@ -24,6 +24,7 @@ from ldap import modlist from ipa import ipaerror DIRMAN_CN = "cn=directory manager" +CACERT="/usr/share/ipa/html/ca.crt" PORT = 636 TIMEOUT = 120 @@ -32,13 +33,9 @@ class ReplicationManager: def __init__(self, hostname, dirman_passwd): self.hostname = hostname self.dirman_passwd = dirman_passwd - try: - self.conn = ipaldap.IPAdmin(hostname) - self.conn.do_simple_bind(bindpw=dirman_passwd) - except ldap.CONNECT_ERROR, e: - return None - except ldap.SERVER_DOWN, e: - return None + + self.conn = ipaldap.IPAdmin(hostname, port=PORT, cacert=CACERT) + self.conn.do_simple_bind(bindpw=dirman_passwd) self.repl_man_passwd = dirman_passwd @@ -175,7 +172,7 @@ class ReplicationManager: logging.debug("failed to find mappting tree entry for %s" % self.suffix) raise e - return entry + return entry def enable_chain_on_update(self, bename): @@ -301,13 +298,8 @@ class ReplicationManager: - the directory manager password needs to be the same on both directories. """ - try: - other_conn = ipaldap.IPAdmin(other_hostname) - other_conn.do_simple_bind(bindpw=self.dirman_passwd) - except ldap.CONNECT_ERROR, e: - return None - except ldap.SERVER_DOWN, e: - return None + other_conn = ipaldap.IPAdmin(other_hostname, port=PORT, cacert=CACERT) + other_conn.do_simple_bind(bindpw=self.dirman_passwd) self.suffix = ipaldap.IPAdmin.normalizeDN(dsinstance.realm_to_suffix(realm_name)) |