Diffstat (limited to 'ipaserver/install')
-rw-r--r-- | ipaserver/install/replication.py | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py
index 7e89eeb47..c8c5bc139 100644
--- a/ipaserver/install/replication.py
+++ b/ipaserver/install/replication.py
@@ -755,9 +755,12 @@ class ReplicationManager(object):
 try:
 # Validate AD connection
 ad_conn = ldap.initialize('ldap://%s' % ipautil.format_netloc(ad_dc_name))
- #the next one is to workaround bugs arounf opendalp libs+NSS db
- ad_conn.set_option(ldap.OPT_X_TLS_NEWCTX, 0)
+ # the next one is to workaround bugs arounf opendalp libs+NSS db
+ # we need to first specify the OPT_X_TLS_CACERTFILE and _after_
+ # that initialize the context to prevent TLS connection errors:
+ # https://bugzilla.redhat.com/show_bug.cgi?id=800787
 ad_conn.set_option(ldap.OPT_X_TLS_CACERTFILE, cacert)
+ ad_conn.set_option(ldap.OPT_X_TLS_NEWCTX, 0)
 ad_conn.start_tls_s()
 ad_conn.simple_bind_s(ad_binddn, ad_pwd)
 res = ad_conn.search_s("", ldap.SCOPE_BASE, '(objectClass=*)', |
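Review bot: Nothing visible in this hunk sets the certificate-verification policy before `ad_conn.simple_bind_s(ad_binddn, ad_pwd)` sends the AD bind password. Unless it is pinned elsewhere, whether the peer certificate is actually checked against `cacert` depends on the process-wide or `ldap.conf` default for `TLS_REQCERT`. Since the commit already establishes that per-connection TLS options must be set before the context is rebuilt, I would add `ad_conn.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)` next to the `OPT_X_TLS_CACERTFILE` line, ahead of `OPT_X_TLS_NEWCTX`. The new comment also carries over the typos "arounf opendalp", which should read "around OpenLDAP". The enclosing `try:` and method begin and end outside the hunk, so any policy set earlier on `ad_conn` is not visible here.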