Diffstat (limited to 'ipaserver')
-rw-r--r-- | ipaserver/install/cainstance.py | 29 | ||||
-rw-r--r-- | ipaserver/plugins/ldap2.py | 4 |
2 files changed, 18 insertions, 15 deletions
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index 001e6eb09..928d01e47 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -519,7 +519,6 @@ class CAInstance(service.Service):
 # Step 1 of external is getting a CSR so we don't need to do these
 # steps until we get a cert back from the external CA.
 if self.external != 1:
- self.step("restarting certificate server", self.__restart_instance)
 if not self.clone:
 self.step("creating CA agent PKCS#12 file in /root", self.__create_ca_agent_pkcs12)
 self.step("creating RA agent certificate database", self.__create_ra_agent_db)
@@ -557,7 +556,7 @@ class CAInstance(service.Service):
 '-redirect', 'conf=/etc/pki-ca',
 '-redirect', 'logs=/var/log/pki-ca',
 ]
- ipautil.run(args)
+ ipautil.run(args, env={'PKI_HOSTNAME':self.fqdn})
 def __enable(self):
 self.backup_state("enabled", self.is_enabled())
@@ -673,7 +672,7 @@ class CAInstance(service.Service):
 # Define the things we don't want logged
 nolog = (self.admin_password, self.dm_password,)
- ipautil.run(args, nolog=nolog)
+ ipautil.run(args, env={'PKI_HOSTNAME':self.fqdn}, nolog=nolog)
 except ipautil.CalledProcessError, e:
 logging.critical("failed to configure ca instance %s" % e)
 raise RuntimeError('Configuration of CA failed')
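Review bot: The new `env={'PKI_HOSTNAME':self.fqdn}` argument in the second hunk (the `ipautil.run(args)` call) and again in the third hunk (the `nolog` call) may leave the child process with an environment that contains only that one variable. Whether `ipautil.run` merges a caller-supplied `env` with its defaults or passes it through as-is is not visible on this page. If it passes it through, PATH, locale and any other variable the PKI tools read are dropped, which should either be stated in a comment as intentional or avoided with `env = dict(os.environ); env['PKI_HOSTNAME'] = self.fqdn`. Both enclosing methods start outside their hunks.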
@@ -683,11 +682,22 @@ class CAInstance(service.Service):
 print "ipa-server-install --external_cert_file=/path/to/signed_certificate --external_ca_file=/path/to/external_ca_certificate"
 sys.exit(0)
+ # Turn off Nonces (again)
+ if installutils.update_file('/var/lib/pki-ca/conf/CS.cfg', 'ca.enableNonces=true', 'ca.enableNonces=false') != 0:
+ raise RuntimeError("Disabling nonces failed")
+ pent = pwd.getpwnam(PKI_USER)
+ os.chown('/var/lib/pki-ca/conf/CS.cfg', pent.pw_uid, pent.pw_gid )
+
+ # pkisilent makes a copy of the CA PKCS#12 file for us but gives
+ # it a lousy name.
+ if ipautil.file_exists("/root/tmp-ca.p12"):
+ shutil.move("/root/tmp-ca.p12", "/root/cacert.p12")
+
 try:
 # After configuration the service is running and configured
 # but must be restarted for configuration to take effect.
 # The service status in this case will be 4.
- self.restart()
+ self.__restart_instance()
 except ipautil.CalledProcessError, e:
 logging.critical("failed to restart ca instance after pkisilent configuration %s" % e)
 raise RuntimeError('Restarting CA after pkisilent configuration failed')
@@ -702,17 +712,6 @@ class CAInstance(service.Service):
 logging.debug("completed creating ca instance")
- # Turn off Nonces (again)
- if installutils.update_file('/var/lib/pki-ca/conf/CS.cfg', 'ca.enableNonces=true', 'ca.enableNonces=false') != 0:
- raise RuntimeError("Disabling nonces failed")
- pent = pwd.getpwnam(PKI_USER)
- os.chown('/var/lib/pki-ca/conf/CS.cfg', pent.pw_uid, pent.pw_gid )
-
- # pkisilent makes a copy of the CA PKCS#12 file for us but gives
- # it a lousy name.
- if ipautil.file_exists("/root/tmp-ca.p12"):
- shutil.move("/root/tmp-ca.p12", "/root/cacert.p12")
-
 def __restart_instance(self):
 try:
 self.restart()
diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py
index e4cc72de5..c37525203 100644
--- a/ipaserver/plugins/ldap2.py
+++ b/ipaserver/plugins/ldap2.py
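Review bot: The block moved in front of the restart switches `ca.enableNonces` to false in CS.cfg, but its only comment is `# Turn off Nonces (again)`, which says neither why the CA's nonce check is disabled nor why a second pass is needed. A comment along the lines of `# pkisilent rewrites CS.cfg with nonces enabled; disable them before the restart so the setting takes effect` would record the intent, if that is indeed the reason. Separately, `shutil.move` to `/root/cacert.p12` keeps whatever mode pkisilent gave the file. As the file is presumably the CA's key bundle, an explicit `os.chmod("/root/cacert.p12", 0600)` after the move would stop its protection depending on the tool's umask. The enclosing method starts and ends outside the hunk.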
@@ -160,6 +160,8 @@ def get_schema(url, conn=None):
 if conn is None:
 conn = _ldap.initialize(url)
+ if url.startswith('ldapi://'):
+ conn.set_option(_ldap.OPT_HOST_NAME, api.env.host)
 conn.sasl_interactive_bind_s('', SASL_AUTH)
 schema_entry = conn.search_s(
@@ -321,6 +323,8 @@ class ldap2(CrudBackend, Encoder):
 try:
 conn = _ldap.initialize(self.ldap_uri)
+ if self.ldap_uri.startswith('ldapi://'):
+ conn.set_option(_ldap.OPT_HOST_NAME, api.env.host)
 if ccache is not None:
 os.environ['KRB5CCNAME'] = ccache
 conn.sasl_interactive_bind_s('', SASL_AUTH) |
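Review bot: The two lines added in get_schema() give no reason for overriding `_ldap.OPT_HOST_NAME` on `ldapi://` connections, and the same pair is repeated in the second hunk of this file, inside class ldap2. A comment such as `# ldapi:// carries no host name, so tell the SASL bind which host's service principal to request` would make the intent reviewable, assuming that is the purpose. Because both sites have to stay in step before `sasl_interactive_bind_s`, one small module-level helper called from each would be safer than two copies. The scheme test is also case-sensitive, so a URI written as `LDAPI://...` would skip the option; `url.lower().startswith('ldapi://')` closes that gap. Both enclosing functions continue outside their hunks.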