diff options
| author | Jan Cholasta <jcholast@redhat.com> | 2013-10-16 08:08:57 +0000 |
|---|---|---|
| committer | Petr Viktorin <pviktori@redhat.com> | 2014-03-25 16:54:55 +0100 |
| commit | babddaaee84fccca29926a6683347b5b6af8f081 (patch) | |
| tree | a8ee791a131ce53d7eb3038de6711f25e24ad13c /ipapython | |
| parent | bbb2af501678ba148b0c02daa39995a2b1c38e4e (diff) | |
| download | freeipa-babddaaee84fccca29926a6683347b5b6af8f081.tar.gz freeipa-babddaaee84fccca29926a6683347b5b6af8f081.tar.xz freeipa-babddaaee84fccca29926a6683347b5b6af8f081.zip | |
Use dogtag-ipa-ca-renew-agent to retrieve renewed certificates from LDAP.
Before, this was done by dogtag-ipa-retrieve-agent-submit.
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Diffstat (limited to 'ipapython')
| -rw-r--r-- | ipapython/certmonger.py | 9 |
1 files changed, 3 insertions, 6 deletions
diff --git a/ipapython/certmonger.py b/ipapython/certmonger.py index 03f4b2373..e7edc64f2 100644 --- a/ipapython/certmonger.py +++ b/ipapython/certmonger.py @@ -369,7 +369,7 @@ def get_pin(token, dogtag_constants=None): return None def dogtag_start_tracking(ca, nickname, pin, pinfile, secdir, pre_command, - post_command): + post_command, profile=None): """ Tell certmonger to start tracking a dogtag CA certificate. These are handled differently because their renewal must be done directly @@ -423,12 +423,9 @@ def dogtag_start_tracking(ca, nickname, pin, pinfile, secdir, pre_command, args.append("-P") args.append(pin) - if ca == 'dogtag-ipa-retrieve-agent-submit': - # We cheat and pass in the nickname as the profile when - # renewing on a clone. The submit otherwise doesn't pass in the - # nickname and we need some way to find the right entry in LDAP. + if profile: args.append("-T") - args.append(nickname) + args.append(profile) (stdout, stderr, returncode) = ipautil.run(args, nolog=[pin]) |