diff options
| -rw-r--r-- | ipa-server/ipa-install/ipa-replica-prepare | 2 | ||||
| -rw-r--r-- | ipa-server/ipa-upgradeconfig | 15 |
2 files changed, 16 insertions, 1 deletions
diff --git a/ipa-server/ipa-install/ipa-replica-prepare b/ipa-server/ipa-install/ipa-replica-prepare index 07a21826e..eb962b4c1 100644 --- a/ipa-server/ipa-install/ipa-replica-prepare +++ b/ipa-server/ipa-install/ipa-replica-prepare @@ -155,10 +155,10 @@ def copy_files(realm_name, dir): try: shutil.copy("/var/kerberos/krb5kdc/ldappwd", dir + "/ldappwd") shutil.copy("/var/kerberos/krb5kdc/kpasswd.keytab", dir + "/kpasswd.keytab") + shutil.copy("/usr/share/ipa/html/ca.crt", dir + "/ca.crt") if ipautil.file_exists("/usr/share/ipa/html/preferences.html"): shutil.copy("/usr/share/ipa/html/preferences.html", dir + "/preferences.html") shutil.copy("/usr/share/ipa/html/configure.jar", dir + "/configure.jar") - shutil.copy(config_dir + "/cacert.asc", dir + "/ca.crt") except Exception, e: print "error copying files: " + str(e) sys.exit(1) diff --git a/ipa-server/ipa-upgradeconfig b/ipa-server/ipa-upgradeconfig index 9f2c6cb92..48c4117d2 100644 --- a/ipa-server/ipa-upgradeconfig +++ b/ipa-server/ipa-upgradeconfig @@ -84,6 +84,16 @@ def upgrade(sub_dict, filename, template): update_conf(sub_dict, filename, template) print "Upgraded %s to version %d" % (filename, new) +def check_certs(realm_name): + """Check ca.crt is in the right place, and try to fix if not""" + if not os.path.exists("/usr/share/ipa/html/ca.crt"): + ca_file = "/etc/dirsrv/slapd-" + ("-".join(realm_name.split("."))) + "/cacert.asc" + if os.path.exists(ca_file): + shutil.copyfile(ca_file, "/usr/share/ipa/html/ca.crt") + else: + print "Missing Certification Authority file." + print "You should place a copy of the CA certificate in /usr/share/ipa/html/ca.crt" + def main(): try: krbctx = krbV.default_context() @@ -92,6 +102,11 @@ def main(): sys.exit(1) try: + check_certs(krbctx.default_realm) + except Error, e: + print "Failed to check CA certificate: %s" % e + + try: fqdn = find_hostname() except IOError: # ipa-rewrite.conf doesn't exist, nothing to do |