author | Rob Crittenden <rcritten@redhat.com> | 2011-03-14 16:27:19 -0400 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2011-03-15 14:09:57 -0400 |
commit | 861d1bbdca4793fb45fb233d236d3793cc23da36 (patch) | |
tree | ccb169d140cd119b07435b675ca11df8f7bff067 /ipaserver/install/service.py | |
parent | a36bc4ee93d13c28f8edf2bb94eb4dbfc25be568 (diff) | |
Fix SELinux errors caused by enabling TLS on dogtag 389-ds instance.
This fixes 2 AVCS:
* One because we are enabling port 7390 because an SSL port must be
defined to use TLS on 7389.
* We were symlinking to the main IPA 389-ds NSS certificate database.
Instead generate a separate NSS database and certificate and have
certmonger track it separately.
I also noticed some variable inconsistency in cainstance.py. Everywhere
else we use self.fqdn and that was using self.host_name. I found it
confusing so I fixed it.
ticket 1085
Diffstat (limited to 'ipaserver/install/service.py')
-rw-r--r-- | ipaserver/install/service.py | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/ipaserver/install/service.py b/ipaserver/install/service.py
index e97b78167..253c0f054 100644
--- a/ipaserver/install/service.py
+++ b/ipaserver/install/service.py
@@ -187,6 +187,25 @@ class Service:
 self.admin_conn.addEntry(entry)
 return newdn
 
+ def add_simple_service(self, principal):
+ """
+ Add a very basic IPA service.
+
+ The principal needs to be fully-formed: service/host@REALM
+ """
+ if not self.admin_conn:
+ self.ldap_connect()
+
+ dn = "krbprincipalname=%s,cn=services,cn=accounts,%s" % (principal, self.suffix)
+ hostdn = "fqdn=%s,cn=computers,cn=accounts,%s" % (self.fqdn, self.suffix)
+ entry = ipaldap.Entry(dn)
+ entry.setValues("objectclass", ["krbprincipal", "krbprincipalaux", "krbticketpolicyaux", "ipaobject", "ipaservice", "pkiuser"])
+ entry.setValue("krbprincipalname", principal)
+ entry.setValue("ipauniqueid", 'autogenerate')
+ entry.setValue("managedby", hostdn)
+ self.admin_conn.addEntry(entry)
+ return dn
+
 def add_cert_to_service(self):
 """
 Add a certificate to a service |
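Review bot: `principal` and `self.fqdn` are interpolated straight into `dn` and `hostdn` in `add_simple_service`, so a value containing DN metacharacters (`,`, `+`, `=`, `\`) would yield a malformed DN or a different one than intended, and the docstring's "fully-formed" requirement is never checked in the method. If python-ldap is importable in this module, escape the RDN values before formatting, e.g. `dn = "krbprincipalname=%s,cn=services,cn=accounts,%s" % (ldap.dn.escape_dn_chars(principal), self.suffix)`, and do the same for `self.fqdn` in `hostdn`. The callers are outside this hunk, so it cannot be confirmed here that `principal` only ever comes from installer-derived values. The method also does not handle an entry that already exists, which presumably matters if this installer step is re-run.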