From 51f9ed0239e0bb59a96e9de18e99b10a0dbe9edd Mon Sep 17 00:00:00 2001
From: Martin Kosek <mkosek@redhat.com>
Date: Wed, 16 Jan 2013 10:05:43 +0100
Subject: Installer should not connect to 127.0.0.1

IPA installer sometimes tries to connect to the Directory Server
via loopback address 127.0.0.1. However, the Directory Server on
pure IPv6 systems may not be listening on this address. This address
may not even be available.

Rather use the FQDN of the server when connecting to the DS to fix
this issue and make the connection consistent ldapmodify calls which
also use FQDN instead of IP address.

https://fedorahosted.org/freeipa/ticket/3355
---
 ipaserver/install/cainstance.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'ipaserver/install/cainstance.py')

diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index 86c075c8..3d028a6a 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -378,7 +378,7 @@ class CADSInstance(service.Service):
         dsdb.create_pin_file()
 
     def enable_ssl(self):
-        conn = ipaldap.IPAdmin("127.0.0.1", port=DEFAULT_DSPORT)
+        conn = ipaldap.IPAdmin(self.fqdn, port=DEFAULT_DSPORT)
         conn.simple_bind_s(DN(('cn', 'directory manager')), self.dm_password)
 
         mod = [(ldap.MOD_REPLACE, "nsSSLClientAuth", "allowed"),
-- 
cgit