author | Fraser Tweedale <ftweedal@redhat.com> | 2015-05-11 23:38:41 -0400 |
---|---|---|
committer | Jan Cholasta <jcholast@redhat.com> | 2015-06-04 08:27:33 +0000 |
commit | ba075b195c5c6a78416f15fb06c765858a0b2069 (patch) | |
tree | ba423711de6beacc9ceaaa04febc3996669f7054 /ipaserver/install | |
parent | 300b74fc7fb2a5ce540b2d21189794a5b2db88b1 (diff) | |
Enable LDAP-based profiles in CA on upgrade
Part of: https://fedorahosted.org/freeipa/ticket/4560
Reviewed-By: Martin Basti <mbasti@redhat.com>
Diffstat (limited to 'ipaserver/install')
-rw-r--r-- | ipaserver/install/server/upgrade.py | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py
index 0ea6bd7b4..820533d6f 100644
--- a/ipaserver/install/server/upgrade.py
+++ b/ipaserver/install/server/upgrade.py
@@ -299,6 +299,45 @@ def ca_configure_profiles_acl(ca):
 return cainstance.configure_profiles_acl()
+def ca_enable_ldap_profile_subsystem(ca):
+ root_logger.info('[Ensuring CA is using LDAPProfileSubsystem]')
+ if not ca.is_configured():
+ root_logger.info('CA is not configured')
+ return False
+
+ caconfig = dogtag.configured_constants()
+
+ needs_update = False
+ directive = None
+ try:
+ for i in range(15):
+ directive = "subsystem.{}.class".format(i)
+ value = installutils.get_directive(
+ caconfig.CS_CFG_PATH,
+ directive,
+ separator='=')
+ if value == 'com.netscape.cmscore.profile.ProfileSubsystem':
+ needs_update = True
+ break
+ except OSError, e:
+ root_logger.error('Cannot read CA configuration file "%s": %s',
+ caconfig.CS_CFG_PATH, e)
+ return False
+
+ if needs_update:
+ installutils.set_directive(
+ caconfig.CS_CFG_PATH,
+ directive,
+ 'com.netscape.cmscore.profile.LDAPProfileSubsystem',
+ quotes=False,
+ separator='=')
+
+ # TODO import file-based profiles into Dogtag
+ # More code needed on Dogtag side for this.
+
+ return needs_update
+
+
 def upgrade_ipa_profile(ca, domain, fqdn):
 """
 Update the IPA Profile provided by dogtag
@@ -1381,6 +1420,7 @@ def upgrade_configuration():
 certificate_renewal_update(ca),
 ca_enable_pkix(ca),
 ca_configure_profiles_acl(ca),
+ ca_enable_ldap_profile_subsystem(ca),
 ])
 if ca_restart: |
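Review bot: The `except OSError, e` around the `get_directive` loop in `ca_enable_ldap_profile_subsystem` likely misses the failure it is meant to report. On Python 2, which this syntax implies, a failed `open()` raises IOError, which is not a subclass of OSError, so if `installutils.get_directive` reads CS.cfg that way (its body is not in this diff) an unreadable file would propagate uncaught instead of producing the logged error; `except EnvironmentError as e:` covers both. The `set_directive` call that rewrites CS.cfg sits outside any handler, so a failed write propagates the same way, and it is worth confirming that the rewrite keeps the file's owner and mode. When none of the 15 probed `subsystem.N.class` slots matches, the function returns False without logging, so a CA still on the file-based ProfileSubsystem at a higher index looks the same as one already converted; an info-level message for that case would make the outcome auditable.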