Diffstat (limited to 'ipaserver/install')
-rw-r--r--ipaserver/install/dsinstance.py8
-rw-r--r--ipaserver/install/service.py6
2 files changed, 12 insertions, 2 deletions
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index 2544e167b..bf631a67f 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -249,6 +249,7 @@ class DsInstance(service.Service):
self.step("adding replication acis", self.__add_replication_acis)
self.step("configuring user private groups", self.__user_private_groups)
self.step("configuring netgroups from hostgroups", self.__host_nis_groups)
+ self.step("creating default SUDO bind user", self.__add_sudo_binduser)
if hbac_allow:
self.step("creating default HBAC rule allow_all", self.add_hbac)
@@ -311,6 +312,7 @@ class DsInstance(service.Service):
server_root = find_server_root()
self.sub_dict = dict(FQHN=self.fqdn, SERVERID=self.serverid,
PASSWORD=self.dm_password,
+ RANDOM_PASSWORD=self.generate_random(),
SUFFIX=self.suffix.lower(),
REALM=self.realm_name, USER=DS_USER,
SERVER_ROOT=server_root, DOMAIN=self.domain,
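Review bot: `RANDOM_PASSWORD` is a generic key in `self.sub_dict`, and the same dictionary is passed to other templates (for example `enrollment-conf.ldif` in a later hunk), so any template that references the key would receive the same secret as the SUDO bind account. A purpose-specific key, for example `SUDO_BIND_PASSWORD=self.generate_random(),`, would tie the credential to one account; the LDIF template and the redaction check in service.py would need the same name. The value is also generated whenever this dictionary is built, whether or not the sudo bind step runs. The enclosing method starts and ends outside the hunk.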
@@ -475,6 +477,9 @@ class DsInstance(service.Service):
def __add_enrollment_module(self):
self._ldap_mod("enrollment-conf.ldif", self.sub_dict)
+ def generate_random(self):
+ return ipautil.ipa_generate_password()
+
def __enable_ssl(self):
dirname = config_dirname(self.serverid)
dsdb = certs.CertDB(self.realm_name, nssdir=dirname, subject_base=self.subject_base)
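Review bot: `generate_random` has no docstring and its name does not say that it returns a password, while the neighbouring helpers in this hunk are name-mangled private methods. I would add `"""Return a new random password from ipautil.ipa_generate_password()."""` and, if nothing outside the class calls it, make it private like `__add_enrollment_module`. Each call presumably yields a different value, so a caller that needs the same secret twice has to keep the result, as `sub_dict` does. The class body continues outside the hunk.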
@@ -735,6 +740,9 @@ class DsInstance(service.Service):
def __root_autobind(self):
self._ldap_mod("root-autobind.ldif")
+ def __add_sudo_binduser(self):
+ self._ldap_mod("sudobind.ldif", self.sub_dict)
+
def replica_populate(self):
self.ldap_connect()
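Review bot: `__add_sudo_binduser` gives the bind account a password that, in the hunks shown here, is never stored or reported, and the method has no comment saying so. If that is intended (the account stays unusable until an administrator sets a password), document it: `# Password is random and not recorded; an admin must set one before SUDO clients can bind.` The step is also registered unconditionally in the first dsinstance.py hunk, unlike `add_hbac`, which is gated on `hbac_allow`. sudobind.ldif is not part of this diff view, so the entry's attributes and ACIs cannot be checked from here.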
diff --git a/ipaserver/install/service.py b/ipaserver/install/service.py
index 1235eaffd..41b221419 100644
--- a/ipaserver/install/service.py
+++ b/ipaserver/install/service.py
@@ -127,7 +127,7 @@ class Service:
fd = None
path = ipautil.SHARE_DIR + ldif
hostname = installutils.get_fqdn()
- nologlist=()
+ nologlist=[]
if sub_dict is not None:
txt = ipautil.template_file(path, sub_dict)
@@ -136,7 +136,9 @@ class Service:
# do not log passwords
if sub_dict.has_key('PASSWORD'):
- nologlist = sub_dict['PASSWORD'],
+ nologlist.append(sub_dict['PASSWORD'])
+ if sub_dict.has_key('RANDOM_PASSWORD'):
+ nologlist.append(sub_dict['RANDOM_PASSWORD'])
if self.dm_password:
[pw_fd, pw_name] = tempfile.mkstemp()
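Review bot: Redaction in this hunk depends on naming every secret key by hand, so the next password added to `sub_dict` would presumably reach the log unless someone remembers to extend this block. Collect the keys in one place: `for key in ('PASSWORD', 'RANDOM_PASSWORD'):` followed by `if key in sub_dict: nologlist.append(sub_dict[key])`. That also replaces `has_key`, which Python 3 removed. The rendered template in `txt` still holds the password in clear, so any file it is written to outside this hunk should be created with owner-only permissions. The method body starts before the first service.py hunk and continues past this one.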