author | Tomas Krizek <tkrizek@redhat.com> | 2016-11-11 12:45:11 +0100 |
committer | Martin Babinsky <mbabinsk@redhat.com> | 2016-11-11 14:55:24 +0100 |
commit | f183f70e0183e51d569ada972bd3ec73cad76a30 (patch) | |
tree | b80d98e09a023f1f3c4339e13e8e90a57fa439e9 /ipaserver/install/dnskeysyncinstance.py | |
parent | 28bc54f91dfbd76887180fa67ceecb46977a4fb8 (diff) | |
dns: check if container exists using ldapi
Previously an ad hoc connection was established to check whether the
dns(sec) container exists, using a simple or external bind.
Instead, always connect via ldapi through api.Backend.ldap2.
https://fedorahosted.org/freeipa/ticket/6461
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
Diffstat (limited to 'ipaserver/install/dnskeysyncinstance.py')
-rw-r--r-- | ipaserver/install/dnskeysyncinstance.py | 28 |
1 files changed, 5 insertions, 23 deletions
diff --git a/ipaserver/install/dnskeysyncinstance.py b/ipaserver/install/dnskeysyncinstance.py
index 656242b3f..74a657d44 100644
--- a/ipaserver/install/dnskeysyncinstance.py
+++ b/ipaserver/install/dnskeysyncinstance.py
@@ -19,12 +19,10 @@ from ipaserver.install import service
 from ipaserver.install import installutils
 from ipapython.ipa_log_manager import root_logger
 from ipapython.dn import DN
-from ipapython import ipaldap
 from ipapython import ipautil
 from ipaplatform.constants import constants
 from ipaplatform.paths import paths
 from ipalib import errors, api
-from ipalib.constants import CACERT
 from ipaserver.install.bindinstance import dns_container_exists
 
 softhsm_token_label = u'ipaDNSSEC'
@@ -32,26 +30,13 @@ softhsm_slot = 0
 replica_keylabel_template = u"dnssec-replica:%s"
 
 
-def dnssec_container_exists(fqdn, suffix, dm_password=None, ldapi=False,
-                            realm=None):
+def dnssec_container_exists(suffix):
     """
     Test whether the dns container exists.
     """
     assert isinstance(suffix, DN)
-    try:
-        # At install time we may need to use LDAPI to avoid chicken/egg
-        # issues with SSL certs and truting CAs
-        ldap_uri = ipaldap.get_ldap_uri(fqdn, 636, ldapi=ldapi, realm=realm,
-                                        cacert=CACERT)
-        conn = ipaldap.LDAPClient(ldap_uri, cacert=CACERT)
-        conn.simple_bind(ipaldap.DIRMAN_DN, dm_password)
-    except ldap.SERVER_DOWN:
-        raise RuntimeError('LDAP server on %s is not responding. Is IPA installed?' % fqdn)
-
-    ret = conn.entry_exists(DN(('cn', 'sec'), ('cn', 'dns'), suffix))
-    conn.unbind()
-
-    return ret
+    return api.Backend.ldap2.entry_exists(
+        DN(('cn', 'sec'), ('cn', 'dns'), suffix))
 
 
 def remove_replica_public_keys(hostname):
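Review bot: The rewritten `dnssec_container_exists` now depends on `api.Backend.ldap2` already being connected, and a directory server that is down surfaces as whatever the backend raises instead of the previous `RuntimeError('LDAP server ... is not responding. Is IPA installed?')` that callers of the old version could expect. If no caller is verified to connect the backend first, the precondition should at least be stated in the docstring, e.g. `Requires api.Backend.ldap2 to be connected (ldapi); the caller owns the connection.`, or guarded with `api.Backend.ldap2.isconnected()` before the lookup. The docstring also still says "dns container" while the entry tested is cn=sec,cn=dns; `Test whether the DNSSEC container (cn=sec,cn=dns) exists.` would be accurate and distinguish it from the `dns_container_exists` imported above. The retained `assert isinstance(suffix, DN)` is argument validation that disappears under `python -O`; `if not isinstance(suffix, DN): raise TypeError("suffix must be a DN")` keeps the check in production.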
@@ -161,9 +146,7 @@ class DNSKeySyncInstance(service.Service):
         except KeyError:
             raise RuntimeError("OpenDNSSEC GID not found")
 
-        if not dns_container_exists(
-            self.fqdn, self.suffix, realm=self.realm, ldapi=True
-        ):
+        if not dns_container_exists(self.suffix):
             raise RuntimeError("DNS container does not exist")
 
         # ready to be installed, storing a state is required to run uninstall
@@ -173,8 +156,7 @@ class DNSKeySyncInstance(service.Service):
         """
         Setup LDAP containers for DNSSEC
         """
-        if dnssec_container_exists(self.fqdn, self.suffix, ldapi=True,
-                                   realm=self.realm):
+        if dnssec_container_exists(self.suffix):
             self.logger.info("DNSSEC container exists (step skipped)")
             return
 
|