authorJan Cholasta <jcholast@redhat.com>2014-03-24 15:30:53 +0100
committerPetr Viktorin <pviktori@redhat.com>2014-07-30 16:04:21 +0200
commit9e188574a552e8ece47a181763afa891a4e45bc6 (patch)
treeda1ab3b84ebed4966fdd020649fdd308bbd93b9f /ipaserver
parent2f6990c256bc04389a9653094bc15bb94832bffa (diff)
Add method for setting CA renewal master in LDAP to CAInstance.
Allow checking and setting CA renewal master for non-local CA instances. Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Diffstat (limited to 'ipaserver')
-rw-r--r--ipaserver/install/cainstance.py41
1 files changed, 38 insertions, 3 deletions
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index f0aef7558..7e2572d97 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -1609,12 +1609,15 @@ class CAInstance(service.Service):
return True
return False
- def is_renewal_master(self):
+ def is_renewal_master(self, fqdn=None):
+ if fqdn is None:
+ fqdn = api.env.host
+
if not self.admin_conn:
self.ldap_connect()
- dn = DN(('cn', 'CA'), ('cn', api.env.host), ('cn', 'masters'),
- ('cn', 'ipa'), ('cn', 'etc'), api.env.basedn)
+ dn = DN(('cn', 'CA'), ('cn', fqdn), ('cn', 'masters'), ('cn', 'ipa'),
+ ('cn', 'etc'), api.env.basedn)
filter = '(ipaConfigString=caRenewalMaster)'
try:
self.admin_conn.get_entries(base_dn=dn, filter=filter,
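Review bot: The new `fqdn` parameter on `is_renewal_master` has no documentation, so nothing tells a caller that the result can now describe any master rather than the local host. A one-line docstring would cover it, for example `"""Return True if the CA entry of fqdn (default: api.env.host) carries caRenewalMaster."""`. The `is None` test also lets an empty string through into the `cn` RDN; if callers can pass one, `if not fqdn:` would fall back to the local host instead. The value is placed in the `DN` as an RDN tuple and not concatenated into the filter string, which is the right place for caller-supplied input. The `try` body continues outside the hunk.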
@@ -1624,6 +1627,38 @@ class CAInstance(service.Service):
return True
+ def set_renewal_master(self, fqdn=None):
+ if fqdn is None:
+ fqdn = api.env.host
+
+ if not self.admin_conn:
+ self.ldap_connect()
+
+ base_dn = DN(('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'),
+ api.env.basedn)
+ filter = '(&(cn=CA)(ipaConfigString=caRenewalMaster))'
+ try:
+ entries = self.admin_conn.get_entries(
+ base_dn=base_dn, filter=filter, attrs_list=['ipaConfigString'])
+ except errors.NotFound:
+ entries = []
+
+ dn = DN(('cn', 'CA'), ('cn', fqdn), base_dn)
+ master_entry = self.admin_conn.get_entry(dn, ['ipaConfigString'])
+
+ for entry in entries:
+ if master_entry is not None and entry.dn == master_entry.dn:
+ master_entry = None
+ continue
+
+ entry['ipaConfigString'] = [x for x in entry['ipaConfigString']
+ if x.lower() != 'carenewalmaster']
+ self.admin_conn.update_entry(entry)
+
+ if master_entry is not None:
+ master_entry['ipaConfigString'].append('caRenewalMaster')
+ self.admin_conn.update_entry(master_entry)
+
def replica_ca_install_check(config):
if not config.setup_ca:
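Review bot: `set_renewal_master` removes `caRenewalMaster` from every current holder in the loop before it appends the flag to the target, so if the final `update_entry(master_entry)` fails the deployment is left with no renewal master and nothing here restores it. Writing the flag on the target first and stripping the others afterwards turns that failure into a temporary double flag that a re-run clears; whether two holders are acceptable for that window is for the maintainers to judge. Separately, `master_entry['ipaConfigString']` is indexed without a check and presumably raises if the target's CA entry lacks the attribute. The method also needs a docstring saying that `errors.NotFound` from `get_entry` propagates when `fqdn` has no CA entry.

```python
        # … unchanged: fqdn default, ldap_connect(), search for current holders, get_entry() on the target …

        holder_dns = [entry.dn for entry in entries]
        if master_entry.dn not in holder_dns:
            # Flag the new master first so a later failure never leaves zero holders.
            master_entry['ipaConfigString'].append('caRenewalMaster')
            self.admin_conn.update_entry(master_entry)

        for entry in entries:
            if entry.dn == master_entry.dn:
                continue

            # … unchanged: strip caRenewalMaster from entry, update_entry(entry) …
```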