diff options
author | Jan Cholasta <jcholast@redhat.com> | 2014-10-13 14:30:15 +0200 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2014-10-17 12:53:11 +0200 |
commit | 608851d3f86a9082b394c30fe0c7a7b33d43f363 (patch) | |
tree | 4e1e34c392d56672d22c7d8d00c0794163048119 /ipalib/plugins/service.py | |
parent | 6227ebb0cd2d8661d9233e26adb5e0bff7fe4c0d (diff) | |
download | freeipa-608851d3f86a9082b394c30fe0c7a7b33d43f363.tar.gz freeipa-608851d3f86a9082b394c30fe0c7a7b33d43f363.tar.xz freeipa-608851d3f86a9082b394c30fe0c7a7b33d43f363.zip |
Check LDAP instead of local configuration to see if IPA CA is enabled
The check is done using a new hidden command ca_is_enabled.
https://fedorahosted.org/freeipa/ticket/4621
Reviewed-By: David Kupka <dkupka@redhat.com>
Diffstat (limited to 'ipalib/plugins/service.py')
-rw-r--r-- | ipalib/plugins/service.py | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/ipalib/plugins/service.py b/ipalib/plugins/service.py index 3ca5066f3..55f412625 100644 --- a/ipalib/plugins/service.py +++ b/ipalib/plugins/service.py @@ -486,7 +486,7 @@ class service_del(LDAPDelete): # custom services allow them to manage them. (service, hostname, realm) = split_principal(keys[-1]) check_required_principal(ldap, hostname, service) - if self.api.env.enable_ra: + if self.api.Command.ca_is_enabled()['result']: try: entry_attrs = ldap.get_entry(dn, ['usercertificate']) except errors.NotFound: @@ -676,7 +676,7 @@ class service_disable(LDAPQuery): done_work = False if 'usercertificate' in entry_attrs: - if self.api.env.enable_ra: + if self.api.Command.ca_is_enabled()['result']: cert = x509.normalize_certificate(entry_attrs.get('usercertificate')[0]) try: serial = unicode(x509.get_serial_number(cert, x509.DER)) |