From 7b7160452130a203622a7b0fd30e984add87ed87 Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Thu, 17 Feb 2011 22:53:53 -0500 Subject: Fix NSS initialization errors during ipa-replica-prepare When enabling replication we make an SSL connection. I think the way this goes is python-ldap -> openldap -> NSS. It may be a problem in the openldap SSL client, maybe it isn't calling NSS_Shutdown(). In any case if we use ldapi instead the problem goes away. Back out the temporary code to ignore nss_shutdown errors. ticket 965 --- ipapython/nsslib.py | 6 +----- ipaserver/install/replication.py | 2 +- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/ipapython/nsslib.py b/ipapython/nsslib.py index fad65a373..129f1a0c5 100644 --- a/ipapython/nsslib.py +++ b/ipapython/nsslib.py @@ -126,11 +126,7 @@ class NSSConnection(httplib.HTTPConnection): if nss.nss_is_initialized(): # close any open NSS database and use the new one ssl.clear_session_cache() - try: - nss.nss_shutdown() - except NSPRError, e: - # FIXME: errors shouldn't be raised here - logging.debug('nss_shutdown: %s', str(e)) + nss.nss_shutdown() nss.nss_init(dbdir) ssl.set_domestic_policy() nss.set_password_callback(self.password_callback) diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py index 0bf0e218a..81581974a 100644 --- a/ipaserver/install/replication.py +++ b/ipaserver/install/replication.py @@ -60,7 +60,7 @@ def enable_replication_version_checking(hostname, realm, dirman_passwd): enabled then enable it and restart 389-ds. If it is enabled the do nothing. """ - conn = ipaldap.IPAdmin(hostname, port=PORT, cacert=CACERT) + conn = ipaldap.IPAdmin(hostname, realm=realm, ldapi=True) if dirman_passwd: conn.do_simple_bind(bindpw=dirman_passwd) else: -- cgit