do not disconnect when using existing connection to check default CA ACLs

https://fedorahosted.org/freeipa/ticket/5459 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
author: Martin Babinsky <mbabinsk@redhat.com> 2015-11-24 16:40:52 +0100
committer: Jan Cholasta <jcholast@redhat.com> 2015-11-24 17:37:57 +0100
commit: ed830af693c596b286b30959eb3166b59cc030c6 (patch)
tree: 19ad926b2c0113e753fa8bfe2dace13bd541a24a
parent: 341406d16540b1edc0d2792fe2cd9db75590f88e (diff)
download: freeipa-ed830af693c596b286b30959eb3166b59cc030c6.tar.gz
freeipa-ed830af693c596b286b30959eb3166b59cc030c6.tar.xz
freeipa-ed830af693c596b286b30959eb3166b59cc030c6.zip
1 files changed, 3 insertions, 2 deletions
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index cca27e9d2..8a8ae2fc5 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -2004,7 +2004,8 @@ def _create_dogtag_profile(profile_id, profile_data):
 
 def ensure_default_caacl():
     """Add the default CA ACL if missing."""
-    if not api.Backend.ldap2.isconnected():
+    is_already_connected = api.Backend.ldap2.isconnected()
+    if not is_already_connected:
         try:
             api.Backend.ldap2.connect(autobind=True)
         except errors.PublicError as e:
@@ -2028,7 +2029,7 @@ def ensure_default_caacl():
         api.Command.caacl_add_profile(u'hosts_services_caIPAserviceCert',
             certprofile=(u'caIPAserviceCert',))
 
-    if api.Backend.ldap2.isconnected():
+    if not is_already_connected:
         api.Backend.ldap2.disconnect()
author	Martin Babinsky <mbabinsk@redhat.com>	2015-11-24 16:40:52 +0100
committer	Jan Cholasta <jcholast@redhat.com>	2015-11-24 17:37:57 +0100
commit	ed830af693c596b286b30959eb3166b59cc030c6 (patch)
tree	19ad926b2c0113e753fa8bfe2dace13bd541a24a
parent	341406d16540b1edc0d2792fe2cd9db75590f88e (diff)
download	freeipa-ed830af693c596b286b30959eb3166b59cc030c6.tar.gz freeipa-ed830af693c596b286b30959eb3166b59cc030c6.tar.xz freeipa-ed830af693c596b286b30959eb3166b59cc030c6.zip