Update existing 389-DS cn=RSA,cn=encryption config

389-DS >= 1.4.0 on Fedora 28 has a default entry for cn=RSA,cn=encryption,cn=config. The installer now updates the entry in case it already exists. This ensures that token and personality are correct for freeIPA Fixes: https://pagure.io/freeipa/issue/7393 Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Rob Crittenden <rcritten@redhat.com>
author: Christian Heimes <cheimes@redhat.com> 2018-02-08 12:23:27 +0100
committer: Christian Heimes <cheimes@redhat.com> 2018-02-08 14:45:58 +0100
commit: 939db89cacdd9450400093be33af891d17545c10 (patch)
tree: d6c7907b99303df76ecc6a17151bcbafaacf87dd
parent: b07937d0b80c8ccc714ea62fafcc7090bbaecc23 (diff)
download: freeipa-939db89cacdd9450400093be33af891d17545c10.tar.gz
freeipa-939db89cacdd9450400093be33af891d17545c10.tar.xz
freeipa-939db89cacdd9450400093be33af891d17545c10.zip
1 files changed, 5 insertions, 1 deletions
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index f1c866136..2493b8a54 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -878,7 +878,11 @@ class DsInstance(service.Service):
             nsSSLToken=["internal (software)"],
             nsSSLActivation=["on"],
         )
-        conn.add_entry(entry)
+        try:
+            conn.add_entry(entry)
+        except errors.DuplicateEntry:
+            # 389-DS >= 1.4.0 has a default entry, update it.
+            conn.update_entry(entry)
 
         conn.unbind()
author	Christian Heimes <cheimes@redhat.com>	2018-02-08 12:23:27 +0100
committer	Christian Heimes <cheimes@redhat.com>	2018-02-08 14:45:58 +0100
commit	939db89cacdd9450400093be33af891d17545c10 (patch)
tree	d6c7907b99303df76ecc6a17151bcbafaacf87dd
parent	b07937d0b80c8ccc714ea62fafcc7090bbaecc23 (diff)
download	freeipa-939db89cacdd9450400093be33af891d17545c10.tar.gz freeipa-939db89cacdd9450400093be33af891d17545c10.tar.xz freeipa-939db89cacdd9450400093be33af891d17545c10.zip