authorSimo Sorce <simo@redhat.com>2012-11-12 17:43:05 -0500
committerRob Crittenden <rcritten@redhat.com>2013-01-23 14:26:41 -0500
commit18eea90ebb24a9c22248f0b7e18646cc6e3e3e0f (patch)
treed254fad8444807639698c491e3382e38a8f75b78 /ipaserver/install/dsinstance.py
parent69c2f077dfdc3b91c3d892556711e0720502f868 (diff)
Upload CA cert in the directory on install
This will later allow clients to securely download the CA cert by performing mutual auth using LDAP with GSSAPI
Diffstat (limited to 'ipaserver/install/dsinstance.py')
-rw-r--r--ipaserver/install/dsinstance.py15
1 files changed, 15 insertions, 0 deletions
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index 966eeed5..76ef6872 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -44,6 +44,7 @@ from ipaserver.install import replication
from ipalib import util, errors
from ipapython.dn import DN
from ipaserver.plugins.ldap2 import ldap2
+import base64
SERVER_ROOT_64 = "/usr/lib64/dirsrv"
SERVER_ROOT_32 = "/usr/lib/dirsrv"
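Review bot: `import base64` is a standard-library import added after the ipalib/ipapython/ipaserver imports, which breaks the stdlib / third-party / local grouping the rest of the file presumably follows. The file's earlier stdlib import block is outside this hunk, so the line should be moved up there rather than left next to the project imports. There is no functional problem with it.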
@@ -261,6 +262,7 @@ class DsInstance(service.Service):
self.step("adding range check plugin", self.__add_range_check_plugin)
if hbac_allow:
self.step("creating default HBAC rule allow_all", self.add_hbac)
+ self.step("Upload CA cert to the directory", self.__upload_ca_cert)
self.__common_post_setup()
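Review bot: The new step description `"Upload CA cert to the directory"` does not match the casing and tense of the neighbouring steps (`"adding range check plugin"`, `"creating default HBAC rule allow_all"`), and these strings are presumably what the installer prints as progress. Suggest `self.step("uploading CA cert to the directory", self.__upload_ca_cert)`. The enclosing method starts before this hunk.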
@@ -587,6 +589,19 @@ class DsInstance(service.Service):
# check for open secure port 636 from now on
self.open_ports.append(636)
+ def __upload_ca_cert(self):
+ """
+ Upload the CA certificate in DER form in the LDAP directory.
+ """
+
+ dirname = config_dirname(self.serverid)
+ certdb = certs.CertDB(self.realm_name, nssdir=dirname, subject_base=self.subject_base)
+
+ dercert = certdb.get_cert_from_db(certdb.cacert_name, pem=False)
+ self.sub_dict['CADERCERT'] = base64.b64encode(dercert)
+
+ self._ldap_mod('upload-cacert.ldif', self.sub_dict)
+
def __add_default_layout(self):
self._ldap_mod("bootstrap-template.ldif", self.sub_dict)
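Review bot: The value returned by `certdb.get_cert_from_db(certdb.cacert_name, pem=False)` is base64-encoded and substituted into the template without checking that a certificate actually came back; if that helper yields an empty value when the nickname is missing from the NSS database (its error handling is not visible here), the step would write an empty `CADERCERT` into the directory, and the clients this commit intends to serve the CA cert to over GSSAPI-authenticated LDAP would receive nothing usable. A guard before the encode, `if not dercert:` / `raise RuntimeError("CA certificate %s not found in %s" % (certdb.cacert_name, dirname))`, turns that into a clear install-time failure instead of a silent bad upload. The docstring could also state how the value travels, e.g. `Upload the CA certificate in DER form to the LDAP directory; the DER bytes are base64-encoded into sub_dict['CADERCERT'] for the upload-cacert.ldif template.`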