diff options
author | Jan Cholasta <jcholast@redhat.com> | 2014-06-12 10:23:19 +0200 |
---|---|---|
committer | Petr Viktorin <pviktori@redhat.com> | 2014-07-30 16:04:21 +0200 |
commit | 82d682fa6413fc2532e9f3f9dd4abb1c70c40f8a (patch) | |
tree | be4382c5867061a294d9b32004b22931295104a6 /ipaserver/install/dsinstance.py | |
parent | 88706c56745faa430ff00d2f1c5f0605b5af29ef (diff) | |
download | freeipa-82d682fa6413fc2532e9f3f9dd4abb1c70c40f8a.tar.gz freeipa-82d682fa6413fc2532e9f3f9dd4abb1c70c40f8a.tar.xz freeipa-82d682fa6413fc2532e9f3f9dd4abb1c70c40f8a.zip |
Import CA certs from certificate store to DS NSS database on replica install.
Part of https://fedorahosted.org/freeipa/ticket/3259
Part of https://fedorahosted.org/freeipa/ticket/3520
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Diffstat (limited to 'ipaserver/install/dsinstance.py')
-rw-r--r-- | ipaserver/install/dsinstance.py | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py index 6aaa14891..242e04d99 100644 --- a/ipaserver/install/dsinstance.py +++ b/ipaserver/install/dsinstance.py @@ -384,6 +384,7 @@ class DsInstance(service.Service): # See LDIFs for automember configuration during replica install self.step("setting Auto Member configuration", self.__add_replica_automember_config) self.step("enabling S4U2Proxy delegation", self.__setup_s4u2proxy) + self.step("importing CA certificates from LDAP", self.__import_ca_certs) self.__common_post_setup() @@ -716,6 +717,18 @@ class DsInstance(service.Service): conn.unbind() + def __import_ca_certs(self): + dirname = config_dirname(self.serverid) + dsdb = certs.CertDB(self.realm, nssdir=dirname, + subject_base=self.subject_base) + + conn = ipaldap.IPAdmin(self.fqdn) + conn.do_simple_bind(DN(('cn', 'directory manager')), self.dm_password) + + self.import_ca_certs(dsdb, self.ca_is_configured, conn) + + conn.unbind() + def __add_default_layout(self): self._ldap_mod("bootstrap-template.ldif", self.sub_dict) |