authorJan Cholasta <jcholast@redhat.com>2014-01-02 14:28:22 +0100
committerPetr Viktorin <pviktori@redhat.com>2014-03-25 16:54:54 +0100
commit48539b35d78f8872fc2996e045987bcfa6ab7db7 (patch)
treeae9d70a8941241e5d12a67b493eb7776d38e9a88
parent65957b7effffc3b4235296eab70808d968bc1187 (diff)
Use LDAP API to upload CA certificate instead of ldapmodify command.
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
-rw-r--r--install/share/Makefile.am1
-rw-r--r--install/share/upload-cacert.ldif7
-rw-r--r--ipaserver/install/dsinstance.py23
3 files changed, 18 insertions, 13 deletions
diff --git a/install/share/Makefile.am b/install/share/Makefile.am
index 916c523cb..5dcc37d9e 100644
--- a/install/share/Makefile.am
+++ b/install/share/Makefile.am
@@ -68,7 +68,6 @@ app_DATA = \
replica-automember.ldif \
replica-s4u2proxy.ldif \
copy-schema-to-ca.py \
- upload-cacert.ldif \
sasl-mapping-fallback.ldif \
schema-update.ldif \
$(NULL)
diff --git a/install/share/upload-cacert.ldif b/install/share/upload-cacert.ldif
deleted file mode 100644
index d2087d8e2..000000000
--- a/install/share/upload-cacert.ldif
+++ /dev/null
@@ -1,7 +0,0 @@
-# add CA certificate to LDAP server
-dn: cn=CAcert,cn=ipa,cn=etc,$SUFFIX
-changetype: add
-objectClass: nsContainer
-objectClass: pkiCA
-cn: CAcert
-cACertificate;binary:: $CADERCERT
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index 835589d88..af7d6fae6 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -688,12 +688,25 @@ class DsInstance(service.Service):
def upload_ca_dercert(self, dercert):
"""Upload the CA DER certificate to the LDAP directory
"""
- # Note: Don't try to optimize if base64 data is already available.
- # We want to re-encode using Python's b64encode to ensure the
- # data is normalized (no extra newlines in the ldif)
- self.sub_dict['CADERCERT'] = base64.b64encode(dercert)
+ conn = ipaldap.IPAdmin(self.fqdn)
+ conn.do_simple_bind(DN(('cn', 'directory manager')), self.dm_password)
- self._ldap_mod('upload-cacert.ldif', self.sub_dict)
+ dn = DN(('cn', 'CAcert'), ('cn', 'ipa'), ('cn', 'etc'), self.suffix)
+ try:
+ entry = conn.get_entry(dn, attrs_list=['cACertificate;binary'])
+ entry['cACertificate;binary'] = [dercert]
+ conn.update_entry(entry)
+ except errors.NotFound:
+ entry = conn.make_entry(
+ dn,
+ {'objectClass': ['nsContainer', 'pkiCA'],
+ 'cn': ['CAcert'],
+ 'cACertificate;binary': [dercert]})
+ conn.add_entry(entry)
+ except errors.EmptyModlist:
+ pass
+
+ conn.unbind()
def __add_default_layout(self):
self._ldap_mod("bootstrap-template.ldif", self.sub_dict)
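Review bot: `conn.unbind()` on the last added line of `upload_ca_dercert` runs only on the success path, so if `do_simple_bind` fails, or `get_entry`, `update_entry` or `add_entry` raises anything other than `errors.NotFound` or `errors.EmptyModlist`, the connection bound as `cn=directory manager` is left open. Put everything after the `IPAdmin(...)` call inside a `try:` and move the cleanup into `finally: conn.unbind()`. Separately, the connection is created with only `self.fqdn` and then simple-binds with `self.dm_password`, and no TLS or LDAPI argument is visible in this hunk. It is worth confirming that the Directory Manager password is not sent over an unencrypted connection here, or using the local LDAPI socket (`ldapi=True`) if it is available at this install step.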