diff options
author | Jan Cholasta <jcholast@redhat.com> | 2014-09-02 11:28:16 +0200 |
---|---|---|
committer | Petr Viktorin <pviktori@redhat.com> | 2014-09-09 10:36:00 +0200 |
commit | be4d5bf86336825aed2a9038ebc5caff713d6b0a (patch) | |
tree | 3f9d74967566807363c7be8e5ce28db80d199f38 | |
parent | 712cb047e457e94174901043560f6da83f6b5a34 (diff) | |
download | freeipa-be4d5bf86336825aed2a9038ebc5caff713d6b0a.tar.gz freeipa-be4d5bf86336825aed2a9038ebc5caff713d6b0a.tar.xz freeipa-be4d5bf86336825aed2a9038ebc5caff713d6b0a.zip |
Use autobind when updating CA people entries during certificate renewal
Requires fix for <https://bugzilla.redhat.com/show_bug.cgi?id=1122110>, bump
selinux-policy in the spec file.
https://fedorahosted.org/freeipa/ticket/4005
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
-rw-r--r-- | freeipa.spec.in | 2 | ||||
-rw-r--r-- | ipaserver/install/cainstance.py | 14 |
2 files changed, 4 insertions, 12 deletions
diff --git a/freeipa.spec.in b/freeipa.spec.in index 0c1ea20d6..c6c5d87fc 100644 --- a/freeipa.spec.in +++ b/freeipa.spec.in @@ -109,7 +109,7 @@ Requires: dbus-python Requires: systemd-units >= 38 Requires(pre): systemd-units Requires(post): systemd-units -Requires: selinux-policy >= 3.12.1-176 +Requires: selinux-policy >= 3.12.1-179 Requires(post): selinux-policy-base Requires: slapi-nis >= 0.47.7 Requires: pki-ca >= 10.1.1 diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py index c237c7464..8c1b139b7 100644 --- a/ipaserver/install/cainstance.py +++ b/ipaserver/install/cainstance.py @@ -1890,23 +1890,15 @@ def update_people_entry(dercert): issuer = x509.get_issuer(dercert, datatype=x509.DER) attempts = 0 - configured_constants = dogtag.configured_constants(api) - dogtag_uri = 'ldap://localhost:%d' % configured_constants.DS_PORT + server_id = dsinstance.realm_to_serverid(api.env.realm) + dogtag_uri = 'ldapi://%%2fvar%%2frun%%2fslapd-%s.socket' % server_id updated = False - try: - dm_password = certmonger.get_pin('internaldb') - except IOError, e: - syslog.syslog( - syslog.LOG_ERR, 'Unable to determine PIN for CA instance: %s' % e) - return False - while attempts < 10: conn = None try: conn = ldap2.ldap2(shared_instance=False, ldap_uri=dogtag_uri) - conn.connect( - bind_dn=DN(('cn', 'directory manager')), bind_pw=dm_password) + conn.connect(autobind=True) filter = conn.make_filter( {'description': ';%s;%s' % (issuer, subject)}, |