author | Jan Cholasta <jcholast@redhat.com> | 2014-03-24 15:30:53 +0100 |
---|---|---|
committer | Petr Viktorin <pviktori@redhat.com> | 2014-07-30 16:04:21 +0200 |
commit | 9e188574a552e8ece47a181763afa891a4e45bc6 (patch) | |
tree | da1ab3b84ebed4966fdd020649fdd308bbd93b9f /ipaserver | |
parent | 2f6990c256bc04389a9653094bc15bb94832bffa (diff) | |
Add method for setting CA renewal master in LDAP to CAInstance.
Allow checking and setting CA renewal master for non-local CA instances.
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Diffstat (limited to 'ipaserver')
-rw-r--r-- | ipaserver/install/cainstance.py | 41 |
1 files changed, 38 insertions, 3 deletions
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index f0aef7558..7e2572d97 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -1609,12 +1609,15 @@ class CAInstance(service.Service):
 return True
 return False
- def is_renewal_master(self):
+ def is_renewal_master(self, fqdn=None):
+ if fqdn is None:
+ fqdn = api.env.host
+
 if not self.admin_conn:
 self.ldap_connect()
- dn = DN(('cn', 'CA'), ('cn', api.env.host), ('cn', 'masters'),
- ('cn', 'ipa'), ('cn', 'etc'), api.env.basedn)
+ dn = DN(('cn', 'CA'), ('cn', fqdn), ('cn', 'masters'), ('cn', 'ipa'),
+ ('cn', 'etc'), api.env.basedn)
 filter = '(ipaConfigString=caRenewalMaster)'
 try:
 self.admin_conn.get_entries(base_dn=dn, filter=filter,
@@ -1624,6 +1627,38 @@ class CAInstance(service.Service):
 return True
+ def set_renewal_master(self, fqdn=None):
+ if fqdn is None:
+ fqdn = api.env.host
+
+ if not self.admin_conn:
+ self.ldap_connect()
+
+ base_dn = DN(('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'),
+ api.env.basedn)
+ filter = '(&(cn=CA)(ipaConfigString=caRenewalMaster))'
+ try:
+ entries = self.admin_conn.get_entries(
+ base_dn=base_dn, filter=filter, attrs_list=['ipaConfigString'])
+ except errors.NotFound:
+ entries = []
+
+ dn = DN(('cn', 'CA'), ('cn', fqdn), base_dn)
+ master_entry = self.admin_conn.get_entry(dn, ['ipaConfigString'])
+
+ for entry in entries:
+ if master_entry is not None and entry.dn == master_entry.dn:
+ master_entry = None
+ continue
+
+ entry['ipaConfigString'] = [x for x in entry['ipaConfigString']
+ if x.lower() != 'carenewalmaster']
+ self.admin_conn.update_entry(entry)
+
+ if master_entry is not None:
+ master_entry['ipaConfigString'].append('caRenewalMaster')
+ self.admin_conn.update_entry(master_entry)
+
 def replica_ca_install_check(config):
 if not config.setup_ca: |
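Review bot: is_renewal_master now answers for any host through the new `fqdn` parameter, but the method has no docstring stating that, so callers cannot tell that `None` means the local host. I would add `"""Return True if the CA on fqdn (default: api.env.host) carries caRenewalMaster in LDAP."""` directly under the new signature. The end of the method lies outside this hunk, so it is only presumed that a missing CA entry for the host is reported the same way as a missing flag; if so, the docstring should say that too.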
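Review bot: set_renewal_master removes `caRenewalMaster` from every other CA entry, one `update_entry` call at a time, before it adds the value to the target entry, so a failure or interruption part-way through leaves no renewal master recorded in LDAP. That is presumably the worse partial state, since no replica would then be responsible for renewing the shared CA certificates. Writing the target's flag first leaves at worst a duplicate flag, which the next run cleans up. The `get_entry` call for the target is not guarded, so an `fqdn` without a CA entry presumably reaches the caller as `errors.NotFound`; that and the `api.env.host` default belong in a docstring. The local name `filter` also shadows the builtin, and `search_filter` would avoid that.

```python
        # … unchanged: fqdn default, ldap_connect, search for flagged entries …
        dn = DN(('cn', 'CA'), ('cn', fqdn), base_dn)
        master_entry = self.admin_conn.get_entry(dn, ['ipaConfigString'])

        # Flag the new master first: a failure below then leaves an extra
        # flag behind instead of a deployment with no renewal master.
        values = master_entry['ipaConfigString']
        if not any(x.lower() == 'carenewalmaster' for x in values):
            values.append('caRenewalMaster')
            self.admin_conn.update_entry(master_entry)

        for entry in entries:
            if entry.dn == master_entry.dn:
                continue
            entry['ipaConfigString'] = [x for x in entry['ipaConfigString']
                                        if x.lower() != 'carenewalmaster']
            self.admin_conn.update_entry(entry)
```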