Use DN objects for Dogtag configuration

Use our DN objects for generating DNs, instead of relying on string operations.
author: Petr Viktorin <pviktori@redhat.com> 2012-12-05 07:00:21 -0500
committer: Rob Crittenden <rcritten@redhat.com> 2012-12-10 10:28:08 -0500
commit: 2bdffa4375d3fb657e5b5a65cb326aff77e35e09 (patch)
tree: 68c12b919adf69d26ec2be332e4030507e0d401c
parent: dae4ea4c7ebd8af832bd599493262aa068ccbb82 (diff)
download: freeipa.git-2bdffa4375d3fb657e5b5a65cb326aff77e35e09.tar.gz
freeipa.git-2bdffa4375d3fb657e5b5a65cb326aff77e35e09.tar.xz
freeipa.git-2bdffa4375d3fb657e5b5a65cb326aff77e35e09.zip
1 files changed, 12 insertions, 6 deletions
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index e2112a28..e7b63f81 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -656,7 +656,8 @@ class CAInstance(service.Service):
         config.set("CA", "pki_admin_email", "root@localhost")
         config.set("CA", "pki_admin_password", self.admin_password)
         config.set("CA", "pki_admin_nickname", "ipa-ca-agent")
-        config.set("CA", "pki_admin_subject_dn", "CN=ipa-ca-agent,%s" % self.subject_base)
+        config.set("CA", "pki_admin_subject_dn",
+            str(DN(('cn', 'ipa-ca-agent'), self.subject_base)))
 
         # Directory server
         config.set("CA", "pki_ds_ldap_port", str(self.ds_port))
@@ -665,11 +666,16 @@ class CAInstance(service.Service):
         config.set("CA", "pki_ds_database", "ipaca")
 
         # Certificate subject DN's
-        config.set("CA", "pki_subsystem_subject_dn", "CN=CA Subsystem,%s" % self.subject_base)
-        config.set("CA", "pki_ocsp_signing_subject_dn", "CN=OCSP Subsystem,%s" % self.subject_base)
-        config.set("CA", "pki_ssl_server_subject_dn", "CN=%s,%s" % (self.fqdn, self.subject_base))
-        config.set("CA", "pki_audit_signing_subject_dn", "CN=CA Audit,%s" % self.subject_base)
-        config.set("CA", "pki_ca_signing_subject_dn", "CN=Certificate Authority,%s" % self.subject_base)
+        config.set("CA", "pki_subsystem_subject_dn",
+            str(DN(('cn', 'CA Subsystem'), self.subject_base)))
+        config.set("CA", "pki_ocsp_signing_subject_dn",
+            str(DN(('cn', 'OCSP Subsystem'), self.subject_base)))
+        config.set("CA", "pki_ssl_server_subject_dn",
+            str(DN(('cn', self.fqdn), self.subject_base)))
+        config.set("CA", "pki_audit_signing_subject_dn",
+            str(DN(('cn', 'CA Audit'), self.subject_base)))
+        config.set("CA", "pki_ca_signing_subject_dn",
+            str(DN(('cn', 'Certificate Authority'), self.subject_base)))
 
         # Certificate nicknames
         config.set("CA", "pki_subsystem_nickname", "subsystemCert cert-pki-ca")
author	Petr Viktorin <pviktori@redhat.com>	2012-12-05 07:00:21 -0500
committer	Rob Crittenden <rcritten@redhat.com>	2012-12-10 10:28:08 -0500
commit	2bdffa4375d3fb657e5b5a65cb326aff77e35e09 (patch)
tree	68c12b919adf69d26ec2be332e4030507e0d401c
parent	dae4ea4c7ebd8af832bd599493262aa068ccbb82 (diff)
download	freeipa.git-2bdffa4375d3fb657e5b5a65cb326aff77e35e09.tar.gz freeipa.git-2bdffa4375d3fb657e5b5a65cb326aff77e35e09.tar.xz freeipa.git-2bdffa4375d3fb657e5b5a65cb326aff77e35e09.zip