From 608851d3f86a9082b394c30fe0c7a7b33d43f363 Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jcholast@redhat.com>
Date: Mon, 13 Oct 2014 14:30:15 +0200
Subject: Check LDAP instead of local configuration to see if IPA CA is enabled

The check is done using a new hidden command ca_is_enabled.

https://fedorahosted.org/freeipa/ticket/4621

Reviewed-By: David Kupka <dkupka@redhat.com>
---
 ipalib/plugins/host.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'ipalib/plugins/host.py')

diff --git a/ipalib/plugins/host.py b/ipalib/plugins/host.py
index bbee09395..91fb75b87 100644
--- a/ipalib/plugins/host.py
+++ b/ipalib/plugins/host.py
@@ -721,7 +721,7 @@ class host_del(LDAPDelete):
                                             **delkw)
                             break
 
-        if self.api.env.enable_ra:
+        if self.api.Command.ca_is_enabled()['result']:
             try:
                 entry_attrs = ldap.get_entry(dn, ['usercertificate'])
             except errors.NotFound:
@@ -806,7 +806,7 @@ class host_mod(LDAPUpdate):
                 entry_attrs['objectclass'] = obj_classes
         cert = x509.normalize_certificate(entry_attrs.get('usercertificate'))
         if cert:
-            if self.api.env.enable_ra:
+            if self.api.Command.ca_is_enabled()['result']:
                 x509.verify_cert_subject(ldap, keys[-1], cert)
                 entry_attrs_old = ldap.get_entry(dn, ['usercertificate'])
                 oldcert = entry_attrs_old.single_value.get('usercertificate')
@@ -1084,7 +1084,7 @@ class host_disable(LDAPQuery):
             self.obj.handle_not_found(*keys)
         cert = entry_attrs.single_value.get('usercertificate')
         if cert:
-            if self.api.env.enable_ra:
+            if self.api.Command.ca_is_enabled()['result']:
                 cert = x509.normalize_certificate(cert)
                 try:
                     serial = unicode(x509.get_serial_number(cert, x509.DER))
-- 
cgit