Diffstat (limited to 'base/server/python/pki/server/deployment/pkihelper.py')
-rw-r--r-- | base/server/python/pki/server/deployment/pkihelper.py | 23 |
1 files changed, 18 insertions, 5 deletions
diff --git a/base/server/python/pki/server/deployment/pkihelper.py b/base/server/python/pki/server/deployment/pkihelper.py
index ec0f0a2d4..665922c64 100644
--- a/base/server/python/pki/server/deployment/pkihelper.py
+++ b/base/server/python/pki/server/deployment/pkihelper.py
@@ -817,6 +817,18 @@ class ConfigurationFile:
 (port, context))
 return
 
+ def verify_ds_secure_connection_data(self):
+ # Check to see if a secure connection is being used for the DS
+ if config.str2bool(self.mdict['pki_ds_secure_connection']):
+ # Verify existence of a local PEM file containing a
+ # directory server CA certificate
+ self.confirm_file_exists("pki_ds_secure_connection_ca_pem_file")
+ # Verify existence of a nickname for this
+ # directory server CA certificate
+ self.confirm_data_exists("pki_ds_secure_connection_ca_nickname")
+ # Set trustargs for this directory server CA certificate
+ self.mdict['pki_ds_secure_connection_ca_trustargs'] = "CT,CT,CT"
+
 def verify_command_matches_configuration_file(self):
 # Silently verify that the command-line parameters match the values
 # that are present in the corresponding configuration file
@@ -3957,7 +3969,12 @@ class ConfigClient:
 
 def set_database_parameters(self, data):
 data.dsHost = self.mdict['pki_ds_hostname']
- data.dsPort = self.mdict['pki_ds_ldap_port']
+ if config.str2bool(self.mdict['pki_ds_secure_connection']):
+ data.secureConn = "true"
+ data.dsPort = self.mdict['pki_ds_ldaps_port']
+ else:
+ data.secureConn = "false"
+ data.dsPort = self.mdict['pki_ds_ldap_port']
 data.baseDN = self.mdict['pki_ds_base_dn']
 data.bindDN = self.mdict['pki_ds_bind_dn']
 data.database = self.mdict['pki_ds_database']
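Review bot: The hard-coded `"CT,CT,CT"` in verify_ds_secure_connection_data marks the directory server CA as trusted to issue both server and client certificates for SSL, S/MIME and object signing, which looks broader than an outbound LDAPS connection needs. If the NSS database that receives this certificate is also used to authenticate clients (not visible in this hunk), certificates chaining to the DS CA would be trusted there as well. Consider a narrower value such as `"C,,"`, or at least a comment explaining why full trust is required. The assignment also overwrites any `pki_ds_secure_connection_ca_trustargs` the deployer configured, from inside a method named verify_*, so a line like `# NOTE: overrides any configured trustargs` would make that side effect visible.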
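Review bot: In set_database_parameters, `data.dsPort` is now read from `pki_ds_ldaps_port` when the secure flag is set, but nothing visible confirms that this key is populated. The new verify_ds_secure_connection_data in the first hunk checks only the PEM file and the nickname. Adding `self.confirm_data_exists("pki_ds_ldaps_port")` there would fail early with a clear message rather than a KeyError or an empty port here, unless a default always supplies the value, which this diff does not show. set_database_parameters continues past the end of this hunk.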
@@ -3970,10 +3987,6 @@ class ConfigClient:
 data.removeData = "true"
 else:
 data.removeData = "false"
- if config.str2bool(self.mdict['pki_ds_secure_connection']):
- data.secureConn = "true"
- else:
- data.secureConn = "false"
 if config.str2bool(self.mdict['pki_share_db']):
 data.sharedDB = "true"
 data.sharedDBUserDN = self.mdict['pki_share_dbuser_dn'] |