summaryrefslogtreecommitdiffstats
path: root/ipalib/plugins/service.py
diff options
context:
space:
mode:
authorJan Cholasta <jcholast@redhat.com>2014-10-13 14:30:15 +0200
committerMartin Kosek <mkosek@redhat.com>2014-10-17 12:53:11 +0200
commit608851d3f86a9082b394c30fe0c7a7b33d43f363 (patch)
tree4e1e34c392d56672d22c7d8d00c0794163048119 /ipalib/plugins/service.py
parent6227ebb0cd2d8661d9233e26adb5e0bff7fe4c0d (diff)
downloadfreeipa-608851d3f86a9082b394c30fe0c7a7b33d43f363.tar.gz
freeipa-608851d3f86a9082b394c30fe0c7a7b33d43f363.tar.xz
freeipa-608851d3f86a9082b394c30fe0c7a7b33d43f363.zip
Check LDAP instead of local configuration to see if IPA CA is enabled
The check is done using a new hidden command ca_is_enabled. https://fedorahosted.org/freeipa/ticket/4621 Reviewed-By: David Kupka <dkupka@redhat.com>
Diffstat (limited to 'ipalib/plugins/service.py')
-rw-r--r--ipalib/plugins/service.py4
1 files changed, 2 insertions, 2 deletions
diff --git a/ipalib/plugins/service.py b/ipalib/plugins/service.py
index 3ca5066f3..55f412625 100644
--- a/ipalib/plugins/service.py
+++ b/ipalib/plugins/service.py
@@ -486,7 +486,7 @@ class service_del(LDAPDelete):
# custom services allow them to manage them.
(service, hostname, realm) = split_principal(keys[-1])
check_required_principal(ldap, hostname, service)
- if self.api.env.enable_ra:
+ if self.api.Command.ca_is_enabled()['result']:
try:
entry_attrs = ldap.get_entry(dn, ['usercertificate'])
except errors.NotFound:
@@ -676,7 +676,7 @@ class service_disable(LDAPQuery):
done_work = False
if 'usercertificate' in entry_attrs:
- if self.api.env.enable_ra:
+ if self.api.Command.ca_is_enabled()['result']:
cert = x509.normalize_certificate(entry_attrs.get('usercertificate')[0])
try:
serial = unicode(x509.get_serial_number(cert, x509.DER))
generated by cgit (git 2.34.1) at 2024-06-09 01:30:24 +0000