-rw-r--r-- | ipaserver/install/cainstance.py | 14 | ||||
-rw-r--r-- | ipaserver/install/server/upgrade.py | 2 |
2 files changed, 12 insertions, 4 deletions
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index 2a2328449..5e3e8c7f9 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -1701,7 +1701,7 @@ def ensure_ldap_profiles_container():
 )
 def ensure_lightweight_cas_container():
- ensure_entry(
+ return ensure_entry(
 DN(('ou', 'authorities'), ('ou', 'ca'), ('o', 'ipaca')),
 objectclass=['top', 'organizationalUnit'],
 ou=['authorities'],
@@ -1709,6 +1709,12 @@ def ensure_lightweight_cas_container():
 def ensure_entry(dn, **attrs):
+ """Ensure an entry exists.
+
+ If an entry with the given DN already exists, return ``False``,
+ otherwise add the entry and return ``True``.
+
+ """
 server_id = installutils.realm_to_serverid(api.env.realm)
 dogtag_uri = 'ldapi://%%2fvar%%2frun%%2fslapd-%s.socket' % server_id
@@ -1718,12 +1724,14 @@ def ensure_entry(dn, **attrs):
 try:
 conn.get_entry(dn)
+ return False
 except errors.NotFound:
 # entry doesn't exist; add it
 entry = conn.make_entry(dn, **attrs)
 conn.add_entry(entry)
-
- conn.disconnect()
+ return True
+ finally:
+ conn.disconnect()
 def configure_profiles_acl():
diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py
index 3955a8cb9..43427178b 100644
--- a/ipaserver/install/server/upgrade.py
+++ b/ipaserver/install/server/upgrade.py
@@ -1747,6 +1747,7 @@ def upgrade_configuration():
 ca_enable_pkix(ca),
 ca_configure_profiles_acl(ca),
 ca_configure_lightweight_ca_acls(ca),
+ ca_ensure_lightweight_cas_container(ca),
 ca_add_default_ocsp_uri(ca),
 ])
@@ -1758,7 +1759,6 @@ def upgrade_configuration():
 except ipautil.CalledProcessError as e:
 root_logger.error("Failed to restart %s: %s", ca.service_name, e)
- ca_ensure_lightweight_cas_container(ca)
 ca_enable_ldap_profile_subsystem(ca)
 # This step MUST be done after ca_enable_ldap_profile_subsystem and |
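Review bot: `ensure_lightweight_cas_container()` now returns a value that callers are meant to act on, but the function has no docstring saying what that value means. Add one, for example `"""Create the lightweight CAs container if missing; return ``True`` if it was added, ``False`` if it already existed."""`. Without it, the contract is documented only on `ensure_entry`, and a reader of the upgrade code must follow the call chain to learn why the result matters. The call's closing parenthesis is outside this hunk.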
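Review bot: The lookup-then-add in `ensure_entry` is not atomic, so `conn.add_entry(entry)` can still fail if the entry appears between `conn.get_entry(dn)` and the add, for instance through replication from another server being upgraded. If `add_entry` raises `errors.DuplicateEntry` in that case, the upgrade would abort although the desired state has been reached. Consider wrapping the add in its own `try` and treating `except errors.DuplicateEntry:` as `return False`. The docstring should also say that an existing entry is left as is: `attrs` are applied only on creation, and an entry with different attributes is not reconciled. The connection setup sits between the hunks and is not visible here, so I cannot tell whether a failed connect reaches the new `finally`.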
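Review bot: Adding `ca_ensure_lightweight_cas_container(ca)` to this list only has an effect if that wrapper in upgrade.py passes the new boolean through, and the wrapper is not touched or shown in this diff. Please confirm it ends with `return cainstance.ensure_lightweight_cas_container()` and returns `False` on its early-exit paths. If it returns `None`, the step can never influence the result this list feeds. The step also now runs before the CA restart instead of after it, which looks safe because `ensure_entry` talks to the directory server over LDAPI and not to the CA. A short comment at the list entry would record that this ordering is deliberate.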