diff options
author | Alexander Bokovoy <abokovoy@redhat.com> | 2015-05-12 12:31:46 +0000 |
---|---|---|
committer | Alexander Bokovoy <abokovoy@redhat.com> | 2015-07-07 10:33:53 +0300 |
commit | b850385e6bdfd727cb5a801ae4f341dbd93331fe (patch) | |
tree | df20c821c136bc05eeda01e37271d7a0e7bb9438 /ipaserver/install/server | |
parent | b7a3b206deb3257b3a78939f0d2a6a114e48b758 (diff) | |
download | freeipa-b850385e6bdfd727cb5a801ae4f341dbd93331fe.tar.gz freeipa-b850385e6bdfd727cb5a801ae4f341dbd93331fe.tar.xz freeipa-b850385e6bdfd727cb5a801ae4f341dbd93331fe.zip |
ipa-adtrust-install: add IPA master host principal to adtrust agents
Fixes https://fedorahosted.org/freeipa/ticket/4951
Diffstat (limited to 'ipaserver/install/server')
-rw-r--r-- | ipaserver/install/server/upgrade.py | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py index 740f04634..84a5b06ac 100644 --- a/ipaserver/install/server/upgrade.py +++ b/ipaserver/install/server/upgrade.py @@ -18,6 +18,7 @@ import ipalib.errors from ipaplatform import services from ipaplatform.tasks import tasks from ipapython import ipautil, sysrestore, version, certdb +from ipapython import ipaldap from ipapython.ipa_log_manager import * from ipapython import certmonger from ipapython import dogtag @@ -1254,6 +1255,18 @@ def update_mod_nss_protocol(http): sysupgrade.set_upgrade_state('nss.conf', 'protocol_updated_tls12', True) +def ds_enable_sidgen_extdom_plugins(ds): + """For AD trust agents, make sure we enable sidgen and extdom plugins + """ + root_logger.info('[Enable sidgen and extdom plugins by default]') + + if sysupgrade.get_upgrade_state('ds', 'enable_ds_sidgen_extdom_plugins'): + root_logger.info('sidgen and extdom plugins are enabled already') + return + + ds._add_sidgen_plugin() + ds._add_extdom_plugin() + sysupgrade.set_upgrade_state('ds', 'enable_ds_sidgen_extdom_plugins', True) def ca_upgrade_schema(ca): root_logger.info('[Upgrading CA schema]') @@ -1412,6 +1425,14 @@ def upgrade_configuration(): remove_ds_ra_cert(subject_base) ds.start(ds_serverid) + # Force enabling plugins via LDAPI and external bind + ds.ldapi = True + ds.autobind = ipaldap.AUTOBIND_ENABLED + ds.fqdn = fqdn + ds.realm = api.env.realm + ds.suffix = ipautil.realm_to_suffix(api.env.realm) + ds_enable_sidgen_extdom_plugins(ds) + uninstall_selfsign(ds, http) simple_service_list = ( |