2 files changed, 19 insertions, 16 deletions

diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index c1035e98c..5aed0437f 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -483,15 +483,15 @@ def main():
                 if user_input("Do you want to remove old SRV and NS records?", False):
                     dm_password = read_password("Directory Manager", confirm=False, validate=False)
                     # Try out the password
+                    ldapuri = 'ldap://%s' % api.env.host
                     try:
-                        conn = ipaldap.IPAdmin(api.env.host)
-                        conn.do_simple_bind(bindpw=dm_password)
-                        conn.unbind()
-                    except (ldap.CONNECT_ERROR, ldap.SERVER_DOWN), e:
-                        sys.exit("\nUnable to connect to LDAP server %s" % api.env.host)
-                    except ldap.INVALID_CREDENTIALS, e :
+                        conn = ldap2(shared_instance=False, ldap_uri=ldapuri)
+                        conn.connect(bind_dn='cn=directory manager', bind_pw=dm_password)
+                    except errors.ACIError:
                         sys.exit("\nThe password provided is incorrect for LDAP server %s" % api.env.host)
-
+                    except errors.ExecutionError:
+                        sys.exit("\nUnable to connect to LDAP server %s" % api.env.host)
+                    conn.disconnect()
 
         return uninstall(not certs.ipa_self_signed(), dm_password)
 
@@ -846,7 +846,10 @@ try:
     except SystemExit, e:
         sys.exit(e)
     except Exception, e:
-        message = "Unexpected error - see ipaserver-install.log for details:\n %s" % str(e)
+        if options.uninstall:
+            message = "Unexpected error - see ipaserver-uninstall.log for details:\n %s" % str(e)
+        else
+            message = "Unexpected error - see ipaserver-install.log for details:\n %s" % str(e)
         print message
         message = str(e)
         for str in traceback.format_tb(sys.exc_info()[2]):
diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py
index 33b85f352..d1c083f20 100644
--- a/ipaserver/plugins/ldap2.py
+++ b/ipaserver/plugins/ldap2.py
@@ -262,19 +262,19 @@ class ldap2(CrudBackend, Encoder):
         if tls_keyfile is not None:
             _ldap.set_option(_ldap.OPT_X_TLS_KEYFILE, tls_keyfile)
 
-        conn = _ldap.initialize(self.ldap_uri)
-        if ccache is not None:
-            try:
+        try:
+            conn = _ldap.initialize(self.ldap_uri)
+            if ccache is not None:
                 os.environ['KRB5CCNAME'] = ccache
                 conn.sasl_interactive_bind_s('', SASL_AUTH)
                 principal = krbV.CCache(name=ccache,
                             context=krbV.default_context()).principal().name
                 setattr(context, 'principal', principal)
-            except _ldap.LDAPError, e:
-                _handle_errors(e, **{})
-        else:
-            # no kerberos ccache, use simple bind
-            conn.simple_bind_s(bind_dn, bind_pw)
+            else:
+                # no kerberos ccache, use simple bind
+                conn.simple_bind_s(bind_dn, bind_pw)
+        except _ldap.LDAPError, e:
+            _handle_errors(e, **{})
         return conn
 
     def destroy_connection(self):