diff options
author | Fraser Tweedale <ftweedal@redhat.com> | 2015-06-16 07:38:06 -0400 |
---|---|---|
committer | Tomas Babej <tbabej@redhat.com> | 2015-07-01 12:28:12 +0200 |
commit | 3827137b32756f5b23092adb573c5e254b007c14 (patch) | |
tree | 9318eab646d9f26b9a7c080def1310c4543fcec7 /ipaserver/install/server | |
parent | 6e641e8d184f799817c5c830b33aff40b576640e (diff) | |
download | freeipa-3827137b32756f5b23092adb573c5e254b007c14.tar.gz freeipa-3827137b32756f5b23092adb573c5e254b007c14.tar.xz freeipa-3827137b32756f5b23092adb573c5e254b007c14.zip |
Migrate CA profiles after enabling LDAPProfileSubsystem
After enabling LDAPProfileSubsystem in Dogtag, migrate the
file-based profiles into the LDAP database.
Reviewed-By: Martin Basti <mbasti@redhat.com>
Diffstat (limited to 'ipaserver/install/server')
-rw-r--r-- | ipaserver/install/server/upgrade.py | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py index 4a9f0128a..740f04634 100644 --- a/ipaserver/install/server/upgrade.py +++ b/ipaserver/install/server/upgrade.py @@ -333,8 +333,8 @@ def ca_enable_ldap_profile_subsystem(ca): quotes=False, separator='=') - # TODO import file-based profiles into Dogtag - # More code needed on Dogtag side for this. + ca.restart(dogtag.configured_constants().PKI_INSTANCE_NAME) + cainstance.migrate_profiles_to_ldap() return needs_update @@ -1479,7 +1479,6 @@ def upgrade_configuration(): certificate_renewal_update(ca), ca_enable_pkix(ca), ca_configure_profiles_acl(ca), - ca_enable_ldap_profile_subsystem(ca), ]) if ca_restart: @@ -1489,6 +1488,8 @@ def upgrade_configuration(): except ipautil.CalledProcessError as e: root_logger.error("Failed to restart %s: %s", ca.service_name, e) + ca_enable_ldap_profile_subsystem(ca) + # This step MUST be done after ca_enable_ldap_profile_subsystem and # ca_configure_profiles_acl, and the consequent restart, but does not # itself require a restart. |