diff options
Diffstat (limited to 'ipaserver/install/dsinstance.py')
-rw-r--r-- | ipaserver/install/dsinstance.py | 27 |
1 files changed, 16 insertions, 11 deletions
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py index f91d69b7..a5334845 100644 --- a/ipaserver/install/dsinstance.py +++ b/ipaserver/install/dsinstance.py @@ -165,7 +165,7 @@ class DsInstance(service.Service): self.sub_dict = None self.domain = domain_name self.serverid = None - self.host_name = None + self.fqdn = None self.pkcs12_info = None self.ds_user = None self.dercert = None @@ -177,19 +177,19 @@ class DsInstance(service.Service): else: self.suffix = None - def create_instance(self, ds_user, realm_name, host_name, domain_name, dm_password, pkcs12_info=None, self_signed_ca=False, uidstart=1100, gidstart=1100, subject_base=None, hbac_allow=True): + def create_instance(self, ds_user, realm_name, fqdn, domain_name, dm_password, pkcs12_info=None, self_signed_ca=False, uidstart=1100, gidstart=1100, subject_base=None, hbac_allow=True): self.ds_user = ds_user self.realm_name = realm_name.upper() self.serverid = realm_to_serverid(self.realm_name) self.suffix = util.realm_to_suffix(self.realm_name) - self.host_name = host_name + self.fqdn = fqdn self.dm_password = dm_password self.domain = domain_name self.pkcs12_info = pkcs12_info self.self_signed_ca = self_signed_ca self.uidstart = uidstart self.gidstart = gidstart - self.principal = "ldap/%s@%s" % (self.host_name, self.realm_name) + self.principal = "ldap/%s@%s" % (self.fqdn, self.realm_name) self.subject_base = subject_base self.__setup_sub_dict() @@ -232,12 +232,12 @@ class DsInstance(service.Service): def __setup_sub_dict(self): server_root = find_server_root() - self.sub_dict = dict(FQHN=self.host_name, SERVERID=self.serverid, + self.sub_dict = dict(FQHN=self.fqdn, SERVERID=self.serverid, PASSWORD=self.dm_password, SUFFIX=self.suffix.lower(), REALM=self.realm_name, USER=self.ds_user, SERVER_ROOT=server_root, DOMAIN=self.domain, TIME=int(time.time()), UIDSTART=self.uidstart, - GIDSTART=self.gidstart, HOST=self.host_name, + GIDSTART=self.gidstart, HOST=self.fqdn, ESCAPED_SUFFIX= escape_dn_chars(self.suffix.lower()), ) @@ -356,7 +356,7 @@ class DsInstance(service.Service): def __config_uidgid_gen_first_master(self): if (self.uidstart == self.gidstart and - has_managed_entries(self.host_name, self.dm_password)): + has_managed_entries(self.fqdn, self.dm_password)): self._ldap_mod("dna-upg.ldif", self.sub_dict) else: self._ldap_mod("dna-posix.ldif", self.sub_dict) @@ -377,7 +377,7 @@ class DsInstance(service.Service): self._ldap_mod("version-conf.ldif") def __user_private_groups(self): - if has_managed_entries(self.host_name, self.dm_password): + if has_managed_entries(self.fqdn, self.dm_password): self._ldap_mod("user_private_groups.ldif", self.sub_dict) def __add_enrollment_module(self): @@ -397,17 +397,19 @@ class DsInstance(service.Service): self.dercert = dsdb.get_cert_from_db(nickname) else: nickname = "Server-Cert" - cadb = certs.CertDB(httpinstance.NSS_DIR, host_name=self.host_name, subject_base=self.subject_base) + cadb = certs.CertDB(httpinstance.NSS_DIR, host_name=self.fqdn, subject_base=self.subject_base) if self.self_signed_ca: cadb.create_self_signed() dsdb.create_from_cacert(cadb.cacert_fname, passwd=None) - self.dercert = dsdb.create_server_cert("Server-Cert", self.host_name, cadb) + self.dercert = dsdb.create_server_cert("Server-Cert", self.fqdn, cadb) + dsdb.track_server_cert("Server-Cert", self.principal, dsdb.passwd_fname) dsdb.create_pin_file() else: # FIXME, need to set this nickname in the RA plugin cadb.export_ca_cert('ipaCert', False) dsdb.create_from_cacert(cadb.cacert_fname, passwd=None) - self.dercert = dsdb.create_server_cert("Server-Cert", self.host_name, cadb) + self.dercert = dsdb.create_server_cert("Server-Cert", self.fqdn, cadb) + dsdb.track_server_cert("Server-Cert", self.principal, dsdb.passwd_fname) dsdb.create_pin_file() conn = ipaldap.IPAdmin("127.0.0.1") @@ -491,6 +493,9 @@ class DsInstance(service.Service): serverid = self.restore_state("serverid") if not serverid is None: + dirname = config_dirname(serverid) + dsdb = certs.CertDB(dirname) + dsdb.untrack_server_cert("Server-Cert") erase_ds_instance_data(serverid) ds_user = self.restore_state("user") |