diff options
| author | Martin Kosek <mkosek@redhat.com> | 2013-01-16 10:05:43 +0100 |
|---|---|---|
| committer | Rob Crittenden <rcritten@redhat.com> | 2013-01-21 12:13:31 -0500 |
| commit | 040ba6bebaa55e7cfa3062d8ced5b4a7f96073d8 (patch) | |
| tree | 7c643d5ce1898a4fde93006ff294a89ac2c8bfcf | |
| parent | cab85b7c9a7e8b7c82915512f7d4718c4cbcbef9 (diff) | |
| download | freeipa.git-040ba6bebaa55e7cfa3062d8ced5b4a7f96073d8.tar.gz freeipa.git-040ba6bebaa55e7cfa3062d8ced5b4a7f96073d8.tar.xz freeipa.git-040ba6bebaa55e7cfa3062d8ced5b4a7f96073d8.zip | |
Installer should not connect to 127.0.0.1
IPA installer sometimes tries to connect to the Directory Server
via loopback address 127.0.0.1. However, the Directory Server on
pure IPv6 systems may not be listening on this address. This address
may not even be available.
Rather use the FQDN of the server when connecting to the DS to fix
this issue and make the connection consistent ldapmodify calls which
also use FQDN instead of IP address.
https://fedorahosted.org/freeipa/ticket/3355
| -rw-r--r-- | ipaserver/install/cainstance.py | 2 | ||||
| -rw-r--r-- | ipaserver/install/dsinstance.py | 4 |
2 files changed, 3 insertions, 3 deletions
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py index 86c075c8..3d028a6a 100644 --- a/ipaserver/install/cainstance.py +++ b/ipaserver/install/cainstance.py @@ -378,7 +378,7 @@ class CADSInstance(service.Service): dsdb.create_pin_file() def enable_ssl(self): - conn = ipaldap.IPAdmin("127.0.0.1", port=DEFAULT_DSPORT) + conn = ipaldap.IPAdmin(self.fqdn, port=DEFAULT_DSPORT) conn.simple_bind_s(DN(('cn', 'directory manager')), self.dm_password) mod = [(ldap.MOD_REPLACE, "nsSSLClientAuth", "allowed"), diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py index b963417e..966eeed5 100644 --- a/ipaserver/install/dsinstance.py +++ b/ipaserver/install/dsinstance.py @@ -463,7 +463,7 @@ class DsInstance(service.Service): dn = DN(('cn', 'IPA install %s' % self.sub_dict["TIME"]), ('cn', 'memberof task'), ('cn', 'tasks'), ('cn', 'config')) root_logger.debug("Waiting for memberof task to complete.") - conn = ipaldap.IPAdmin("127.0.0.1") + conn = ipaldap.IPAdmin(self.fqdn) if self.dm_password: conn.simple_bind_s(DN(('cn', 'directory manager')), self.dm_password) else: @@ -558,7 +558,7 @@ class DsInstance(service.Service): dsdb.track_server_cert("Server-Cert", self.principal, dsdb.passwd_fname, 'restart_dirsrv %s' % self.serverid) dsdb.create_pin_file() - conn = ipaldap.IPAdmin("127.0.0.1") + conn = ipaldap.IPAdmin(self.fqdn) conn.simple_bind_s(DN(('cn', 'directory manager')), self.dm_password) mod = [(ldap.MOD_REPLACE, "nsSSLClientAuth", "allowed"), |