Set SuiteSpotGroup when setting up our 389-ds instances.

The group is now required because 389-ds has tightened the permissions
on /var/run/dirsrv. We use the same group for both our LDAP instances
and /var/run/dirsrv ends up as root:dirsrv mode 0770.

ticket 1010

2 files changed, 5 insertions, 1 deletions

diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index 7cdd28d9..74d78dca 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -72,6 +72,7 @@ INF_TEMPLATE = """
 [General]
 FullMachineName=   $FQHN
 SuiteSpotUserID=   $USER
+SuiteSpotGroup=    $GROUP
 ServerRoot=    $SERVER_ROOT
 [slapd]
 ServerPort=   $DSPORT
@@ -255,7 +256,8 @@ class CADSInstance(service.Service):
                              PASSWORD=self.dm_password, SUFFIX=self.suffix.lower(),
                              REALM=self.realm_name, USER=PKI_DS_USER,
                              SERVER_ROOT=server_root, DOMAIN=self.domain,
-                             TIME=int(time.time()), DSPORT=self.ds_port)
+                             TIME=int(time.time()), DSPORT=self.ds_port,
+                             GROUP=dsinstance.DS_GROUP)
 
     def __create_ds_user(self):
         user_exists = True
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index bf631a67..2bb083fb 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -149,6 +149,7 @@ INF_TEMPLATE = """
 [General]
 FullMachineName=   $FQHN
 SuiteSpotUserID=   $USER
+SuiteSpotGroup=    $GROUP
 ServerRoot=    $SERVER_ROOT
 [slapd]
 ServerPort=   389
@@ -319,6 +320,7 @@ class DsInstance(service.Service):
                              TIME=int(time.time()), IDSTART=self.idstart,
                              IDMAX=self.idmax, HOST=self.fqdn,
                              ESCAPED_SUFFIX= escape_dn_chars(self.suffix.lower()),
+                             GROUP=DS_GROUP,
                          )
 
     def __create_ds_user(self):