Diffstat (limited to 'ipaserver/install')
-rw-r--r--ipaserver/install/replication.py7
1 files changed, 5 insertions, 2 deletions
diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py
index 7e89eeb47..c8c5bc139 100644
--- a/ipaserver/install/replication.py
+++ b/ipaserver/install/replication.py
@@ -755,9 +755,12 @@ class ReplicationManager(object):
try:
# Validate AD connection
ad_conn = ldap.initialize('ldap://%s' % ipautil.format_netloc(ad_dc_name))
- #the next one is to workaround bugs arounf opendalp libs+NSS db
- ad_conn.set_option(ldap.OPT_X_TLS_NEWCTX, 0)
+ # the next one is to workaround bugs arounf opendalp libs+NSS db
+ # we need to first specify the OPT_X_TLS_CACERTFILE and _after_
+ # that initialize the context to prevent TLS connection errors:
+ # https://bugzilla.redhat.com/show_bug.cgi?id=800787
ad_conn.set_option(ldap.OPT_X_TLS_CACERTFILE, cacert)
+ ad_conn.set_option(ldap.OPT_X_TLS_NEWCTX, 0)
ad_conn.start_tls_s()
ad_conn.simple_bind_s(ad_binddn, ad_pwd)
res = ad_conn.search_s("", ldap.SCOPE_BASE, '(objectClass=*)',
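Review bot: Certificate verification for this AD connection is left to the library or ldap.conf default, because the new ordering sets `OPT_X_TLS_CACERTFILE` and then `OPT_X_TLS_NEWCTX` but nothing visible in the hunk sets `OPT_X_TLS_REQUIRE_CERT`. Since `simple_bind_s(ad_binddn, ad_pwd)` sends the bind password right after `start_tls_s()`, a host configured with a lax `TLS_REQCERT` could bind without validating the DC certificate. Consider adding `ad_conn.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)` before the `OPT_X_TLS_NEWCTX` line so the new context picks it up. The rewritten comment still carries the typos "arounf opendalp"; `# work around bugs in the OpenLDAP libs + NSS db` would read better. The `try:` body starts and continues outside the hunk, so an option set elsewhere cannot be ruled out from here.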