summaryrefslogtreecommitdiffstats
path: root/ipaserver/install/dsinstance.py
diff options
context:
space:
mode:
authorRob Crittenden <rcritten@redhat.com>2011-03-14 16:27:19 -0400
committerRob Crittenden <rcritten@redhat.com>2011-03-15 14:09:57 -0400
commit861d1bbdca4793fb45fb233d236d3793cc23da36 (patch)
treeccb169d140cd119b07435b675ca11df8f7bff067 /ipaserver/install/dsinstance.py
parenta36bc4ee93d13c28f8edf2bb94eb4dbfc25be568 (diff)
downloadfreeipa-861d1bbdca4793fb45fb233d236d3793cc23da36.zip
freeipa-861d1bbdca4793fb45fb233d236d3793cc23da36.tar.gz
freeipa-861d1bbdca4793fb45fb233d236d3793cc23da36.tar.xz
Fix SELinux errors caused by enabling TLS on dogtag 389-ds instance.
This fixes 2 AVCS: * One because we are enabling port 7390 because an SSL port must be defined to use TLS On 7389. * We were symlinking to the main IPA 389-ds NSS certificate databsae. Instead generate a separate NSS database and certificate and have certmonger track it separately I also noticed some variable inconsistency in cainstance.py. Everywhere else we use self.fqdn and that was using self.host_name. I found it confusing so I fixed it. ticket 1085
Diffstat (limited to 'ipaserver/install/dsinstance.py')
-rw-r--r--ipaserver/install/dsinstance.py1
1 files changed, 1 insertions, 0 deletions
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index 07e15cd..97b0f8c 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -497,6 +497,7 @@ class DsInstance(service.Service):
# We only handle one server cert
nickname = server_certs[0][0]
self.dercert = dsdb.get_cert_from_db(nickname)
+ dsdb.track_server_cert(nickname, self.principal, dsdb.passwd_fname)
else:
nickname = "Server-Cert"
cadb = certs.CertDB(self.realm_name, host_name=self.fqdn, subject_base=self.subject_base)