From f5177e6b84a44d417e0e37df40fe92f62de9262d Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Mon, 11 Aug 2008 16:15:30 -0400 Subject: Install the ca.crt file early on so that we can always enforce SSL protected connections to other LDAP servers Fix error reporting on replica creation. --- ipa-server/ipaserver/replication.py | 22 +++++++--------------- 1 file changed, 7 insertions(+), 15 deletions(-) (limited to 'ipa-server/ipaserver/replication.py') diff --git a/ipa-server/ipaserver/replication.py b/ipa-server/ipaserver/replication.py index d8bb6006..d3b1551c 100644 --- a/ipa-server/ipaserver/replication.py +++ b/ipa-server/ipaserver/replication.py @@ -24,6 +24,7 @@ from ldap import modlist from ipa import ipaerror DIRMAN_CN = "cn=directory manager" +CACERT="/usr/share/ipa/html/ca.crt" PORT = 636 TIMEOUT = 120 @@ -32,13 +33,9 @@ class ReplicationManager: def __init__(self, hostname, dirman_passwd): self.hostname = hostname self.dirman_passwd = dirman_passwd - try: - self.conn = ipaldap.IPAdmin(hostname) - self.conn.do_simple_bind(bindpw=dirman_passwd) - except ldap.CONNECT_ERROR, e: - return None - except ldap.SERVER_DOWN, e: - return None + + self.conn = ipaldap.IPAdmin(hostname, port=PORT, cacert=CACERT) + self.conn.do_simple_bind(bindpw=dirman_passwd) self.repl_man_passwd = dirman_passwd @@ -175,7 +172,7 @@ class ReplicationManager: logging.debug("failed to find mappting tree entry for %s" % self.suffix) raise e - return entry + return entry def enable_chain_on_update(self, bename): 
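Review bot: `CACERT` in the first hunk becomes the single trust anchor for every LDAPS connection this module opens, yet it is added as a bare hard-coded path with no comment, and the `/html/` component suggests a directory published by the web server. I would state the expectation next to the constant and match the spacing of the neighbouring `PORT = 636`: `CACERT = "/usr/share/ipa/html/ca.crt"  # CA used to verify peer LDAP servers; must be root-owned and not writable by the web server`. The diff does not show who installs the file, so whether it always exists before `ReplicationManager` is constructed should be confirmed against the installer.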
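Review bot: Passing `cacert=CACERT` in `__init__` only protects the directory manager bind if `ipaldap.IPAdmin` also makes certificate verification mandatory, and that code is not part of this diff. It is worth confirming that IPAdmin sets python-ldap's `OPT_X_TLS_REQUIRE_CERT` to `OPT_X_TLS_DEMAND` (or an equivalent) when `cacert` is given, rather than only loading the CA file; the same applies to the `other_conn` connection in the `@@ -301,13` hunk. With the try/except removed, ldap errors now propagate out of the constructor, and a certificate failure would presumably surface as `ldap.SERVER_DOWN` just like an unreachable host, so callers should report both possibilities. A short comment above the call would help the next reader: `# LDAPS only: the bind below sends the directory manager password`.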
@@ -301,13 +298,8 @@ class ReplicationManager: - the directory manager password needs to be the same on both directories. """ - try: - other_conn = ipaldap.IPAdmin(other_hostname) - other_conn.do_simple_bind(bindpw=self.dirman_passwd) - except ldap.CONNECT_ERROR, e: - return None - except ldap.SERVER_DOWN, e: - return None + other_conn = ipaldap.IPAdmin(other_hostname, port=PORT, cacert=CACERT) + other_conn.do_simple_bind(bindpw=self.dirman_passwd) self.suffix = ipaldap.IPAdmin.normalizeDN(dsinstance.realm_to_suffix(realm_name)) -- cgit
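Review bot: The docstring that ends just above this change lists preconditions for the two directories but not the ones this change introduces. The other server must now accept connections on port 636 and present a certificate that chains to the CA in `CACERT` (and, if hostname checking is enforced, matches `other_hostname`). I would add a bullet such as `- the other server must offer LDAPS on port 636 with a certificate issued by the IPA CA`. Since the function no longer returns None on a connection failure, the docstring should also say that ldap exceptions propagate to the caller. The docstring and the function both begin outside the hunk.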