diff options
| author | Alexander Bokovoy <abokovoy@redhat.com> | 2012-07-13 18:12:48 +0300 |
|---|---|---|
| committer | Martin Kosek <mkosek@redhat.com> | 2012-07-31 17:44:35 +0200 |
| commit | 68d5fe1ec7d785f127b3513f84cc632cdb1f9167 (patch) | |
| tree | c0723e680c929f19f4fd2cb61eb7dfd93287d267 /ipaserver/install/dsinstance.py | |
| parent | 16ca564b1004eb672fe4ca3573e542f5a3ce014b (diff) | |
| download | freeipa.git-68d5fe1ec7d785f127b3513f84cc632cdb1f9167.tar.gz freeipa.git-68d5fe1ec7d785f127b3513f84cc632cdb1f9167.tar.xz freeipa.git-68d5fe1ec7d785f127b3513f84cc632cdb1f9167.zip | |
Ensure ipa-adtrust-install is run with Kerberos ticket for admin user
When setting up AD trusts support, ipa-adtrust-install utility
needs to be run as:
- root, for performing Samba configuration and using LDAPI/autobind
- kinit-ed IPA admin user, to ensure proper ACIs are granted to
fetch keytab
As result, we can get rid of Directory Manager credentials in ipa-adtrust-install
https://fedorahosted.org/freeipa/ticket/2815
Diffstat (limited to 'ipaserver/install/dsinstance.py')
| -rw-r--r-- | ipaserver/install/dsinstance.py | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py index 25c449a6..9f3ae725 100644 --- a/ipaserver/install/dsinstance.py +++ b/ipaserver/install/dsinstance.py @@ -160,7 +160,7 @@ info: IPA V2.0 class DsInstance(service.Service): def __init__(self, realm_name=None, domain_name=None, dm_password=None, fstore=None): - service.Service.__init__(self, "dirsrv", dm_password=dm_password) + service.Service.__init__(self, "dirsrv", dm_password=dm_password, ldapi=False, autobind=service.DISABLED) self.realm_name = realm_name self.sub_dict = None self.domain = domain_name |