summaryrefslogtreecommitdiffstats
path: root/ipaserver/install/bindinstance.py
diff options
context:
space:
mode:
authorAlexander Bokovoy <abokovoy@redhat.com>2012-07-13 18:12:48 +0300
committerMartin Kosek <mkosek@redhat.com>2012-07-31 17:44:35 +0200
commit68d5fe1ec7d785f127b3513f84cc632cdb1f9167 (patch)
treec0723e680c929f19f4fd2cb61eb7dfd93287d267 /ipaserver/install/bindinstance.py
parent16ca564b1004eb672fe4ca3573e542f5a3ce014b (diff)
downloadfreeipa-68d5fe1ec7d785f127b3513f84cc632cdb1f9167.tar.gz
freeipa-68d5fe1ec7d785f127b3513f84cc632cdb1f9167.tar.xz
freeipa-68d5fe1ec7d785f127b3513f84cc632cdb1f9167.zip
Ensure ipa-adtrust-install is run with Kerberos ticket for admin user
When setting up AD trusts support, ipa-adtrust-install utility needs to be run as: - root, for performing Samba configuration and using LDAPI/autobind - kinit-ed IPA admin user, to ensure proper ACIs are granted to fetch keytab As result, we can get rid of Directory Manager credentials in ipa-adtrust-install https://fedorahosted.org/freeipa/ticket/2815
Diffstat (limited to 'ipaserver/install/bindinstance.py')
-rw-r--r--ipaserver/install/bindinstance.py2
1 files changed, 1 insertions, 1 deletions
diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index c348cdbb2..f320202ea 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -448,7 +448,7 @@ class DnsBackup(object):
class BindInstance(service.Service):
def __init__(self, fstore=None, dm_password=None):
- service.Service.__init__(self, "named", dm_password=dm_password)
+ service.Service.__init__(self, "named", dm_password=dm_password, ldapi=False, autobind=service.DISABLED)
self.dns_backup = DnsBackup(self)
self.named_user = None
self.domain = None
generated by cgit (git 2.34.1) at 2024-05-27 16:09:22 +0000