summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRob Crittenden <rcritten@redhat.com>2011-02-24 14:45:46 -0500
committerAdam Young <ayoung@redhat.com>2011-02-24 15:23:16 -0500
commit99d6e0883af6759f80ddba01cbb1d90431929bfd (patch)
treedaf3f00fa153889e6a319ddfa10c0d5da7f22652
parent22a503785e737685d44278beb4c3d4e7ffba96bd (diff)
downloadfreeipa-99d6e0883af6759f80ddba01cbb1d90431929bfd.tar.gz
freeipa-99d6e0883af6759f80ddba01cbb1d90431929bfd.tar.xz
freeipa-99d6e0883af6759f80ddba01cbb1d90431929bfd.zip
Set SuiteSpotGroup when setting up our 389-ds instances.
The group is now required because 389-ds has tightened the permissions on /var/run/dirsrv. We use the same group for both our LDAP instances and /var/run/dirsrv ends up as root:dirsrv mode 0770. ticket 1010
-rw-r--r--ipaserver/install/cainstance.py4
-rw-r--r--ipaserver/install/dsinstance.py2
2 files changed, 5 insertions, 1 deletions
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index 7cdd28d9..74d78dca 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -72,6 +72,7 @@ INF_TEMPLATE = """
[General]
FullMachineName= $FQHN
SuiteSpotUserID= $USER
+SuiteSpotGroup= $GROUP
ServerRoot= $SERVER_ROOT
[slapd]
ServerPort= $DSPORT
@@ -255,7 +256,8 @@ class CADSInstance(service.Service):
PASSWORD=self.dm_password, SUFFIX=self.suffix.lower(),
REALM=self.realm_name, USER=PKI_DS_USER,
SERVER_ROOT=server_root, DOMAIN=self.domain,
- TIME=int(time.time()), DSPORT=self.ds_port)
+ TIME=int(time.time()), DSPORT=self.ds_port,
+ GROUP=dsinstance.DS_GROUP)
def __create_ds_user(self):
user_exists = True
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index bf631a67..2bb083fb 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -149,6 +149,7 @@ INF_TEMPLATE = """
[General]
FullMachineName= $FQHN
SuiteSpotUserID= $USER
+SuiteSpotGroup= $GROUP
ServerRoot= $SERVER_ROOT
[slapd]
ServerPort= 389
@@ -319,6 +320,7 @@ class DsInstance(service.Service):
TIME=int(time.time()), IDSTART=self.idstart,
IDMAX=self.idmax, HOST=self.fqdn,
ESCAPED_SUFFIX= escape_dn_chars(self.suffix.lower()),
+ GROUP=DS_GROUP,
)
def __create_ds_user(self):