| author | Fraser Tweedale <ftweedal@redhat.com> | 2016-12-14 13:23:11 +1000 |
|---|---|---|
| committer | Jan Cholasta <jcholast@redhat.com> | 2017-01-11 15:26:20 +0100 |
| commit | f54df62abae4a15064bf297634558eb9be83ce33 (patch) | |
| tree | 4af2b9fed2087e5c9662f3395720c99edf75ba99 | |
| parent | 46bf0e89ae054b34adc66d08f205a5155e6f3fd6 (diff) | |
dsinstance: extract function for writing certmap.conf
For full customisability of the IPA CA subject DN, we will need the
ability to update DS `certmap.conf' when upgrading a deployment from
CA-less to CA-ful.
Extract the existing behaviour, which is private to DsInstance, to
the `write_certmap_conf' top-level function.
Also update `certmap.conf.template' for substitution of the whole CA
subject DN (not just the subject base).
Part of: https://fedorahosted.org/freeipa/ticket/2614
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
| -rw-r--r-- | install/share/certmap.conf.template | 2 | ||||
| -rw-r--r-- | ipaserver/install/dsinstance.py | 18 |
2 files changed, 14 insertions, 6 deletions
diff --git a/install/share/certmap.conf.template b/install/share/certmap.conf.template
index e76bf3c65..d59b095fa 100644
--- a/install/share/certmap.conf.template
+++ b/install/share/certmap.conf.template
@@ -41,6 +41,6 @@ certmap default default
 #default:InitFn <Init function's name>
 default:DNComps
 default:FilterComps uid
-certmap ipaca CN=Certificate Authority,$SUBJECT_BASE
+certmap ipaca $ISSUER_DN
 ipaca:CmapLdapAttr seeAlso
 ipaca:verifycert on
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index 27444a2f5..d23a2aa6f 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -920,11 +920,8 @@ class DsInstance(service.Service):
 self._ldap_mod("indices.ldif")
 def __certmap_conf(self):
- shutil.copyfile(
- os.path.join(paths.USR_SHARE_IPA_DIR, "certmap.conf.template"),
- os.path.join(config_dirname(self.serverid), "certmap.conf"))
- installutils.update_file(config_dirname(self.serverid) + "certmap.conf",
- '$SUBJECT_BASE', str(self.subject_base))
+ ca_subject = 'CN=Certificate Authority,' + str(self.subject_base)
+ write_certmap_conf(self.realm, ca_subject)
 sysupgrade.set_upgrade_state(
 'certmap.conf',
 'subject_base',
@@ -1286,3 +1283,14 @@ class DsInstance(service.Service):
 # check for open secure port 636 from now on
 self.open_ports.append(636)
+
+
+def write_certmap_conf(realm, ca_subject):
+ """(Re)write certmap.conf with given CA subject DN."""
+ serverid = installutils.realm_to_serverid(realm)
+ ds_dirname = config_dirname(serverid)
+ certmap_filename = os.path.join(ds_dirname, "certmap.conf")
+ shutil.copyfile(
+ os.path.join(paths.USR_SHARE_IPA_DIR, "certmap.conf.template"),
+ certmap_filename)
+ installutils.update_file(certmap_filename, '$ISSUER_DN', str(ca_subject))
|
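Review bot: In `__certmap_conf` the target directory is no longer taken from `self.serverid` but recomputed from `self.realm` inside `write_certmap_conf`, so the two must always agree or certmap.conf is written into a different instance directory than before. A comment on the call, for example `# write_certmap_conf derives the serverid from realm; it must equal self.serverid`, would make that assumption visible. The `sysupgrade.set_upgrade_state('certmap.conf', 'subject_base', ...` call that follows still records only the subject base, which may no longer describe the issuer line once the whole CA subject can be customised. That call continues outside the hunk, so the second point is inferred.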
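Review bot: `write_certmap_conf` writes `str(ca_subject)` into the `certmap ipaca` line unchecked, and now that it is a top-level function taking a fully customisable subject, a value containing a line break would add extra directives to certmap.conf, directly above the template's `ipaca:verifycert on`. Rejecting such input first, e.g. `if '\n' in str(ca_subject) or '\r' in str(ca_subject): raise ValueError("CA subject DN must be a single line")`, or accepting only a parsed DN object, closes that. `installutils.update_file` is not shown in this diff: if it substitutes through a regular expression, backslash escapes in the DN could be altered, and since its result is not checked here, a failed substitution would leave the literal `$ISSUER_DN` as the mapped issuer. The docstring should also state that the file is overwritten from the template, so local edits to certmap.conf are lost on every call.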
