From a0bfbec19f99d01f59299b02a2f5f2f3a76fc1c3 Mon Sep 17 00:00:00 2001
From: Simo Sorce <ssorce@redhat.com>
Date: Tue, 11 Jan 2011 10:27:48 -0500
Subject: Use GSSAPI for replication

Uses a temporary simple replication agreement over SSL to init the tree.
Then once all principals have been created switches replication to GSSAPI.

Fixes: https://fedorahosted.org/freeipa/ticket/690
---
 install/tools/ipa-replica-install | 3 ++-
 install/tools/ipa-replica-manage  | 4 ++--
 2 files changed, 4 insertions(+), 3 deletions(-)

(limited to 'install/tools')

diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install
index 76f7f8c9..3c912a75 100755
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -205,7 +205,8 @@ def install_krb(config, setup_pkinit=False):
         pkcs12_info = (config.dir + "/pkinitcert.p12",
                        config.dir + "/pkinit_pin.txt")
 
-    krb.create_replica(config.ds_user, config.realm_name, config.host_name,
+    krb.create_replica(config.ds_user, config.realm_name,
+                       config.master_host_name, config.host_name,
                        config.domain_name, config.dirman_password,
                        ldappwd_filename, kpasswd_filename,
                        setup_pkinit, pkcs12_info)
diff --git a/install/tools/ipa-replica-manage b/install/tools/ipa-replica-manage
index 2400176f..0fd06fd2 100755
--- a/install/tools/ipa-replica-manage
+++ b/install/tools/ipa-replica-manage
@@ -312,7 +312,7 @@ def add_link(realm, replica1, replica2, dirman_passwd, options):
                                         options.passsync, options.win_subtree,
                                         options.cacert)
     else:
-        repl1.setup_replication(replica2, "cn=Directory Manager", dirman_passwd)
+        repl1.setup_gssapi_replication(replica2, "cn=Directory Manager", dirman_passwd)
     print "Connected '%s' to '%s'" % (replica1, replica2)
 
 def re_initialize(realm, options):
@@ -350,7 +350,7 @@ def force_sync(realm, thishost, fromhost, dirman_passwd):
         sys.exit(1)
     if len(entry) > 1:
         logging.error("Found multiple agreements for %s. Only initializing the first one returned: %s" % (thishost, entry[0].dn))
-    repl.force_synch(entry[0].dn, entry[0].nsds5replicaupdateschedule, repl.conn)
+    repl.force_synch(entry[0].dn, entry[0].nsds5replicaupdateschedule)
 
 def main():
     options, args = parse_options()
-- 
cgit