author | Matthew Harmsen <mharmsen@redhat.com> | 2015-03-13 16:53:52 -0600 |
---|---|---|
committer | Matthew Harmsen <mharmsen@redhat.com> | 2015-03-13 16:56:22 -0600 |
commit | a44ccf872262b1289cd2577a6ba55071066a5209 (patch) | |
tree | fa8bb3b39ca028c1693c69ab397424c90c8890b2 /base/server/sbin | |
parent | a54e29d5be1b38158cc44a8bdeda5dcb96fd4096 (diff) | |
Allow use of secure LDAPS connection
- PKI TRAC Ticket #1144 - pkispawn needs option to specify ca cert for ldap
Diffstat (limited to 'base/server/sbin')
-rwxr-xr-x | base/server/sbin/pkispawn | 41 |
1 files changed, 38 insertions, 3 deletions
diff --git a/base/server/sbin/pkispawn b/base/server/sbin/pkispawn
index 1d3d90d3a..edc14a6bc 100755
--- a/base/server/sbin/pkispawn
+++ b/base/server/sbin/pkispawn
@@ -204,9 +204,44 @@ def main(argv):
 parser.read_text('Hostname',
 config.pki_subsystem,
 'pki_ds_hostname')
- parser.read_text('Port',
- config.pki_subsystem,
- 'pki_ds_ldap_port')
+
+ if parser.mdict['pki_ds_secure_connection'] == 'True':
+ secure = 'Y'
+ else:
+ secure = 'N'
+
+ secure = parser.read_text(
+ 'Use a secure LDAPS connection (Yes/No/Quit)',
+ default=secure,
+ options=['Yes', 'Y', 'No', 'N', 'Quit', 'Q'],
+ sign='?', case_sensitive=False).lower()
+
+ if secure == 'q' or secure == 'quit':
+ print "Installation canceled."
+ sys.exit(0)
+
+ if secure == 'y' or secure == 'yes':
+ # Set secure DS connection to true
+ parser.set_property(config.pki_subsystem,
+ 'pki_ds_secure_connection',
+ 'True')
+ # Prompt for secure 'ldaps' port
+ parser.read_text('Secure LDAPS Port',
+ config.pki_subsystem,
+ 'pki_ds_ldaps_port')
+ # Specify complete path to a directory server
+ # CA certificate pem file
+ pem_file = parser.read_text(
+ 'Directory Server CA certificate pem file',
+ allow_empty=False)
+ parser.set_property(config.pki_subsystem,
+ 'pki_ds_secure_connection_ca_pem_file',
+ pem_file)
+ else:
+ parser.read_text('LDAP Port',
+ config.pki_subsystem,
+ 'pki_ds_ldap_port')
+
 parser.read_text('Bind DN',
 config.pki_subsystem,
 'pki_ds_bind_dn') |
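Review bot: The `else:` branch at the end of the added block prompts for the plain LDAP port but never writes `pki_ds_secure_connection` back, so when the loaded configuration already holds 'True' (the case the `secure = 'Y'` default exists for) and the operator answers No, the property stays 'True' while only `pki_ds_ldap_port` was collected. Setting it explicitly in that branch, `parser.set_property(config.pki_subsystem, 'pki_ds_secure_connection', 'False')`, keeps the stored setting in line with the answer given at the prompt. In the Yes branch the CA PEM path is stored exactly as typed, guarded only by `allow_empty=False`; checking that it names a readable file before the `set_property` call would surface a typo at the prompt rather than, presumably, at the later LDAPS connection attempt. `main` begins before and continues past this hunk, so whether either value is validated later cannot be seen from here.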