From 861d1bbdca4793fb45fb233d236d3793cc23da36 Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Mon, 14 Mar 2011 16:27:19 -0400 Subject: Fix SELinux errors caused by enabling TLS on dogtag 389-ds instance. This fixes 2 AVCS: * One because we are enabling port 7390 because an SSL port must be defined to use TLS On 7389. * We were symlinking to the main IPA 389-ds NSS certificate databsae. Instead generate a separate NSS database and certificate and have certmonger track it separately I also noticed some variable inconsistency in cainstance.py. Everywhere else we use self.fqdn and that was using self.host_name. I found it confusing so I fixed it. ticket 1085 --- ipaserver/install/dsinstance.py | 1 + 1 file changed, 1 insertion(+) (limited to 'ipaserver/install/dsinstance.py') diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py index 07e15cdf0..97b0f8c04 100644 --- a/ipaserver/install/dsinstance.py +++ b/ipaserver/install/dsinstance.py @@ -497,6 +497,7 @@ class DsInstance(service.Service): # We only handle one server cert nickname = server_certs[0][0] self.dercert = dsdb.get_cert_from_db(nickname) + dsdb.track_server_cert(nickname, self.principal, dsdb.passwd_fname) else: nickname = "Server-Cert" cadb = certs.CertDB(self.realm_name, host_name=self.fqdn, subject_base=self.subject_base) -- cgit