path: root/ipaserver/install/
diff options
authorRob Crittenden <>2011-03-14 16:27:19 -0400
committerRob Crittenden <>2011-03-15 14:09:57 -0400
commit861d1bbdca4793fb45fb233d236d3793cc23da36 (patch)
treeccb169d140cd119b07435b675ca11df8f7bff067 /ipaserver/install/
parenta36bc4ee93d13c28f8edf2bb94eb4dbfc25be568 (diff)
Fix SELinux errors caused by enabling TLS on dogtag 389-ds instance.
This fixes 2 AVCS: * One because we are enabling port 7390 because an SSL port must be defined to use TLS On 7389. * We were symlinking to the main IPA 389-ds NSS certificate databsae. Instead generate a separate NSS database and certificate and have certmonger track it separately I also noticed some variable inconsistency in Everywhere else we use self.fqdn and that was using self.host_name. I found it confusing so I fixed it. ticket 1085
Diffstat (limited to 'ipaserver/install/')
1 files changed, 1 insertions, 0 deletions
diff --git a/ipaserver/install/ b/ipaserver/install/
index 07e15cd..97b0f8c 100644
--- a/ipaserver/install/
+++ b/ipaserver/install/
@@ -497,6 +497,7 @@ class DsInstance(service.Service):
# We only handle one server cert
nickname = server_certs[0][0]
self.dercert = dsdb.get_cert_from_db(nickname)
+ dsdb.track_server_cert(nickname, self.principal, dsdb.passwd_fname)
nickname = "Server-Cert"
cadb = certs.CertDB(self.realm_name, host_name=self.fqdn, subject_base=self.subject_base)