authorMatthew Harmsen <mharmsen@redhat.com>2015-03-13 16:53:52 -0600
committerMatthew Harmsen <mharmsen@redhat.com>2015-03-13 16:56:22 -0600
commita44ccf872262b1289cd2577a6ba55071066a5209 (patch)
treefa8bb3b39ca028c1693c69ab397424c90c8890b2 /base/server/sbin
parenta54e29d5be1b38158cc44a8bdeda5dcb96fd4096 (diff)
Allow use of secure LDAPS connection
- PKI TRAC Ticket #1144 - pkispawn needs option to specify ca cert for ldap
Diffstat (limited to 'base/server/sbin')
-rwxr-xr-xbase/server/sbin/pkispawn41
1 files changed, 38 insertions, 3 deletions
diff --git a/base/server/sbin/pkispawn b/base/server/sbin/pkispawn
index 1d3d90d3a..edc14a6bc 100755
--- a/base/server/sbin/pkispawn
+++ b/base/server/sbin/pkispawn
@@ -204,9 +204,44 @@ def main(argv):
parser.read_text('Hostname',
config.pki_subsystem,
'pki_ds_hostname')
- parser.read_text('Port',
- config.pki_subsystem,
- 'pki_ds_ldap_port')
+
+ if parser.mdict['pki_ds_secure_connection'] == 'True':
+ secure = 'Y'
+ else:
+ secure = 'N'
+
+ secure = parser.read_text(
+ 'Use a secure LDAPS connection (Yes/No/Quit)',
+ default=secure,
+ options=['Yes', 'Y', 'No', 'N', 'Quit', 'Q'],
+ sign='?', case_sensitive=False).lower()
+
+ if secure == 'q' or secure == 'quit':
+ print "Installation canceled."
+ sys.exit(0)
+
+ if secure == 'y' or secure == 'yes':
+ # Set secure DS connection to true
+ parser.set_property(config.pki_subsystem,
+ 'pki_ds_secure_connection',
+ 'True')
+ # Prompt for secure 'ldaps' port
+ parser.read_text('Secure LDAPS Port',
+ config.pki_subsystem,
+ 'pki_ds_ldaps_port')
+ # Specify complete path to a directory server
+ # CA certificate pem file
+ pem_file = parser.read_text(
+ 'Directory Server CA certificate pem file',
+ allow_empty=False)
+ parser.set_property(config.pki_subsystem,
+ 'pki_ds_secure_connection_ca_pem_file',
+ pem_file)
+ else:
+ parser.read_text('LDAP Port',
+ config.pki_subsystem,
+ 'pki_ds_ldap_port')
+
parser.read_text('Bind DN',
config.pki_subsystem,
'pki_ds_bind_dn')
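Review bot: The `else:` branch prompts for the LDAP port but never writes `pki_ds_secure_connection` back, so when the configured default is 'True' (the case the new `parser.mdict['pki_ds_secure_connection'] == 'True'` test handles) and the operator answers No, the property apparently stays 'True' alongside a plain LDAP port. Adding `parser.set_property(config.pki_subsystem, 'pki_ds_secure_connection', 'False')` at the top of the `else:` branch would keep the stored setting in step with the answer. Separately, the CA PEM path is stored after only an `allow_empty=False` check. Verifying at the prompt that it names a readable file would catch a mistyped path here rather than at the first LDAPS connection, where a missing trust anchor is harder to diagnose. The body of main() starts and continues outside this hunk.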