diff options
Diffstat (limited to 'ipa-client/ipaclient/ipa_certupdate.py')
-rw-r--r-- | ipa-client/ipaclient/ipa_certupdate.py | 20 |
1 files changed, 18 insertions, 2 deletions
diff --git a/ipa-client/ipaclient/ipa_certupdate.py b/ipa-client/ipaclient/ipa_certupdate.py index ff16b9b7a..7ef11d058 100644 --- a/ipa-client/ipaclient/ipa_certupdate.py +++ b/ipa-client/ipaclient/ipa_certupdate.py @@ -27,7 +27,7 @@ from ipapython import (admintool, ipautil, ipaldap, sysrestore, dogtag, from ipaplatform import services from ipaplatform.paths import paths from ipaplatform.tasks import tasks -from ipalib import api, x509, certstore +from ipalib import api, errors, x509, certstore class CertUpdate(admintool.AdminTool): @@ -59,10 +59,26 @@ class CertUpdate(admintool.AdminTool): principal = str('host/%s@%s' % (api.env.host, api.env.realm)) ipautil.kinit_hostprincipal(paths.KRB5_KEYTAB, tmpdir, principal) + api.Backend.rpcclient.connect() + try: + result = api.Backend.rpcclient.forward( + 'ca_is_enabled', + version=u'2.0', + ) + ca_enabled = result['result'] + except errors.CommandError: + result = api.Backend.rpcclient.forward( + 'env', + server=True, + version=u'2.0', + ) + ca_enabled = result['result']['enable_ra'] + api.Backend.rpcclient.disconnect() + ldap.do_sasl_gssapi_bind() certs = certstore.get_ca_certs(ldap, api.env.basedn, - api.env.realm, api.env.enable_ra) + api.env.realm, ca_enabled) finally: shutil.rmtree(tmpdir) |