diff options
author | Rob Crittenden <rcritten@redhat.com> | 2009-09-14 17:04:08 -0400 |
---|---|---|
committer | Jason Gerard DeRose <jderose@redhat.com> | 2009-09-24 17:45:49 -0600 |
commit | d0587cbdd5bc5e07a6e8519deb07adaace643740 (patch) | |
tree | aa6b96e33337a809687ab025ec4d2a392ca757f0 /ipaserver/install/dsinstance.py | |
parent | 4f4d57cd30ac7169e18a8e2e22e62d8bdda083c4 (diff) | |
download | freeipa-d0587cbdd5bc5e07a6e8519deb07adaace643740.tar.gz freeipa-d0587cbdd5bc5e07a6e8519deb07adaace643740.tar.xz freeipa-d0587cbdd5bc5e07a6e8519deb07adaace643740.zip |
Enrollment for a host in an IPA domain
This will create a host service principal and may create a host entry (for
admins). A keytab will be generated, by default in /etc/krb5.keytab
If no kerberos credentails are available then enrollment over LDAPS is used
if a password is provided.
This change requires that openldap be used as our C LDAP client. It is much
easier to do SSL using openldap than mozldap (no certdb required). Otherwise
we'd have to write a slew of extra code to create a temporary cert database,
import the CA cert, ...
Diffstat (limited to 'ipaserver/install/dsinstance.py')
-rw-r--r-- | ipaserver/install/dsinstance.py | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py index eb0356289..ea9f26da2 100644 --- a/ipaserver/install/dsinstance.py +++ b/ipaserver/install/dsinstance.py @@ -172,6 +172,7 @@ class DsInstance(service.Service): self.step("enabling memberof plugin", self.__add_memberof_module) self.step("enabling referential integrity plugin", self.__add_referint_module) self.step("enabling winsync plugin", self.__add_winsync_module) + self.step("enabling IPA enrollment plugin", self.__add_enrollment_module) self.step("enabling ldapi", self.__enable_ldapi) self.step("configuring uniqueness plugin", self.__set_unique_attrs) self.step("creating indices", self.__create_indices) @@ -316,6 +317,9 @@ class DsInstance(service.Service): def __add_winsync_module(self): self._ldap_mod("ipa-winsync-conf.ldif") + def __add_enrollment_module(self): + self._ldap_mod("enrollment-conf.ldif", self.sub_dict) + def __enable_ssl(self): dirname = config_dirname(self.serverid) dsdb = certs.CertDB(dirname) |