libexec scripts: ldap conn management

Certificate renewal scripts require connection to LDAP. Properly
handle connects and disconnects from LDAP.

https://fedorahosted.org/freeipa/ticket/6461

Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>

2 files changed, 4 insertions, 0 deletions

diff --git a/install/restart_scripts/renew_ca_cert b/install/restart_scripts/renew_ca_cert
index 7b3c8bdc6..0f0a69031 100644
--- a/install/restart_scripts/renew_ca_cert
+++ b/install/restart_scripts/renew_ca_cert
@@ -40,6 +40,7 @@ def _main():
 
     api.bootstrap(in_server=True, context='restart')
     api.finalize()
+    api.Backend.ldap2.connect()
 
     dogtag_service = services.knownservices['pki_tomcatd']
 
@@ -182,6 +183,7 @@ def _main():
                     conn.disconnect()
     finally:
         shutil.rmtree(tmpdir)
+        api.Backend.ldap2.disconnect()
 
     # Now we can start the CA. Using the services start should fire
     # off the servlet to verify that the CA is actually up and responding so
diff --git a/install/restart_scripts/renew_ra_cert b/install/restart_scripts/renew_ra_cert
index 62c5aa62c..d71d6e2ac 100644
--- a/install/restart_scripts/renew_ra_cert
+++ b/install/restart_scripts/renew_ra_cert
@@ -39,6 +39,7 @@ def _main():
 
     api.bootstrap(in_server=True, context='restart')
     api.finalize()
+    api.Backend.ldap2.connect()
 
     tmpdir = tempfile.mkdtemp(prefix="tmp-")
     try:
@@ -65,6 +66,7 @@ def _main():
             krainstance.export_kra_agent_pem()
     finally:
         shutil.rmtree(tmpdir)
+        api.Backend.ldap2.disconnect()
 
     # Now restart Apache so the new certificate is available
     syslog.syslog(syslog.LOG_NOTICE, "Restarting httpd")