diff options
author | Jan Cholasta <jcholast@redhat.com> | 2014-10-13 14:30:15 +0200 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2014-10-17 12:53:11 +0200 |
commit | 608851d3f86a9082b394c30fe0c7a7b33d43f363 (patch) | |
tree | 4e1e34c392d56672d22c7d8d00c0794163048119 /ipalib/plugins/host.py | |
parent | 6227ebb0cd2d8661d9233e26adb5e0bff7fe4c0d (diff) | |
download | freeipa-608851d3f86a9082b394c30fe0c7a7b33d43f363.tar.gz freeipa-608851d3f86a9082b394c30fe0c7a7b33d43f363.tar.xz freeipa-608851d3f86a9082b394c30fe0c7a7b33d43f363.zip |
Check LDAP instead of local configuration to see if IPA CA is enabled
The check is done using a new hidden command ca_is_enabled.
https://fedorahosted.org/freeipa/ticket/4621
Reviewed-By: David Kupka <dkupka@redhat.com>
Diffstat (limited to 'ipalib/plugins/host.py')
-rw-r--r-- | ipalib/plugins/host.py | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/ipalib/plugins/host.py b/ipalib/plugins/host.py index bbee09395..91fb75b87 100644 --- a/ipalib/plugins/host.py +++ b/ipalib/plugins/host.py @@ -721,7 +721,7 @@ class host_del(LDAPDelete): **delkw) break - if self.api.env.enable_ra: + if self.api.Command.ca_is_enabled()['result']: try: entry_attrs = ldap.get_entry(dn, ['usercertificate']) except errors.NotFound: @@ -806,7 +806,7 @@ class host_mod(LDAPUpdate): entry_attrs['objectclass'] = obj_classes cert = x509.normalize_certificate(entry_attrs.get('usercertificate')) if cert: - if self.api.env.enable_ra: + if self.api.Command.ca_is_enabled()['result']: x509.verify_cert_subject(ldap, keys[-1], cert) entry_attrs_old = ldap.get_entry(dn, ['usercertificate']) oldcert = entry_attrs_old.single_value.get('usercertificate') @@ -1084,7 +1084,7 @@ class host_disable(LDAPQuery): self.obj.handle_not_found(*keys) cert = entry_attrs.single_value.get('usercertificate') if cert: - if self.api.env.enable_ra: + if self.api.Command.ca_is_enabled()['result']: cert = x509.normalize_certificate(cert) try: serial = unicode(x509.get_serial_number(cert, x509.DER)) |