Support initializing memberof during replication re-init using GSSAPI

The last step of a replication re-initiailization is to run the
memberof task. The current function would only authenticate using simple
auth to monitor the task but we may be doing this using admin GSSAPI
credentials so support that type of bind as well.

In short this fixes:
 # kinit admin
 # ipa-replica-manage re-initialize --from=master.example.com

https://fedorahosted.org/freeipa/ticket/1248

1 files changed, 4 insertions, 1 deletions

diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index 4a0e913f9..845e1e253 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -441,7 +441,10 @@ class DsInstance(service.Service):
         dn = "cn=IPA install %s,cn=memberof task,cn=tasks,cn=config" % self.sub_dict["TIME"]
         logging.debug("Waiting for memberof task to complete.")
         conn = ipaldap.IPAdmin("127.0.0.1")
-        conn.simple_bind_s("cn=directory manager", self.dm_password)
+        if self.dm_password:
+            conn.simple_bind_s("cn=directory manager", self.dm_password)
+        else:
+            conn.do_sasl_gssapi_bind()
         conn.checkTask(dn, dowait=True)
         conn.unbind()