diff options
Diffstat (limited to 'ipaserver/install/krbinstance.py')
-rw-r--r-- | ipaserver/install/krbinstance.py | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py index 4ad2fcec..d89ad0b3 100644 --- a/ipaserver/install/krbinstance.py +++ b/ipaserver/install/krbinstance.py @@ -34,6 +34,7 @@ from ipalib import util from ipalib import errors from ipaserver import ipaldap +from ipaserver.install import replication import ldap from ldap import LDAPError @@ -181,7 +182,8 @@ class KrbInstance(service.Service): self.kpasswd = KpasswdInstance() self.kpasswd.create_instance('KPASSWD', self.fqdn, self.admin_password, self.suffix) - def create_replica(self, ds_user, realm_name, host_name, + def create_replica(self, ds_user, realm_name, + master_fqdn, host_name, domain_name, admin_password, ldap_passwd_filename, kpasswd_filename, setup_pkinit=False, pkcs12_info=None, @@ -191,6 +193,7 @@ class KrbInstance(service.Service): self.subject_base = subject_base self.__copy_ldap_passwd(ldap_passwd_filename) self.__copy_kpasswd_keytab(kpasswd_filename) + self.master_fqdn = master_fqdn self.__common_setup(ds_user, realm_name, host_name, domain_name, admin_password) @@ -202,6 +205,7 @@ class KrbInstance(service.Service): self.step("adding the password extension to the directory", self.__add_pwd_extop_module) if setup_pkinit: self.step("installing X509 Certificate for PKINIT", self.__setup_pkinit) + self.step("Enable GSSAPI for replication", self.__convert_to_gssapi_replication) self.__common_post_setup() @@ -543,6 +547,14 @@ class KrbInstance(service.Service): dn = "krbprincipalname=%s,cn=%s,cn=kerberos,%s" % (princ_realm, self.realm, self.suffix) self.admin_conn.inactivateEntry(dn, False) + def __convert_to_gssapi_replication(self): + repl = replication.ReplicationManager(self.realm, + self.fqdn, + self.dm_password) + repl.convert_to_gssapi_replication(self.master_fqdn, + r_binddn="cn=Directory Manager", + r_bindpw=self.dm_password) + def uninstall(self): if self.is_configured(): self.print_msg("Unconfiguring %s" % self.service_name) |