authorJan Cholasta <jcholast@redhat.com>2014-10-13 14:30:15 +0200
committerMartin Kosek <mkosek@redhat.com>2014-10-17 12:53:11 +0200
commit608851d3f86a9082b394c30fe0c7a7b33d43f363 (patch)
tree4e1e34c392d56672d22c7d8d00c0794163048119 /ipaserver/install/ipa_replica_prepare.py
parent6227ebb0cd2d8661d9233e26adb5e0bff7fe4c0d (diff)
Check LDAP instead of local configuration to see if IPA CA is enabled
The check is done using a new hidden command ca_is_enabled. https://fedorahosted.org/freeipa/ticket/4621 Reviewed-By: David Kupka <dkupka@redhat.com>
Diffstat (limited to 'ipaserver/install/ipa_replica_prepare.py')
-rw-r--r--ipaserver/install/ipa_replica_prepare.py15
1 files changed, 8 insertions, 7 deletions
diff --git a/ipaserver/install/ipa_replica_prepare.py b/ipaserver/install/ipa_replica_prepare.py
index ce0cff22a..59a9862d5 100644
--- a/ipaserver/install/ipa_replica_prepare.py
+++ b/ipaserver/install/ipa_replica_prepare.py
@@ -161,12 +161,6 @@ class ReplicaPrepare(admintool.AdminTool):
if api.env.host == self.replica_fqdn:
raise admintool.ScriptError("You can't create a replica on itself")
- if not api.env.enable_ra and not options.http_cert_files:
- raise admintool.ScriptError(
- "Cannot issue certificates: a CA is not installed. Use the "
- "--http-cert-file, --dirsrv-cert-file options to provide "
- "custom certificates.")
-
config_dir = dsinstance.config_dirname(
dsinstance.realm_to_serverid(api.env.realm))
if not ipautil.dir_exists(config_dir):
@@ -198,10 +192,11 @@ class ReplicaPrepare(admintool.AdminTool):
# Try out the password & get the subject base
suffix = ipautil.realm_to_suffix(api.env.realm)
try:
- conn = ldap2(shared_instance=False, base_dn=suffix)
+ conn = api.Backend.ldap2
conn.connect(bind_dn=DN(('cn', 'directory manager')),
bind_pw=self.dirman_password)
entry_attrs = conn.get_ipa_config()
+ ca_enabled = api.Command.ca_is_enabled()['result']
conn.disconnect()
except errors.ACIError:
raise admintool.ScriptError("The password provided is incorrect "
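Review bot: `conn.disconnect()` runs only on the success path, and `conn` is now the shared `api.Backend.ldap2` rather than a private `ldap2(shared_instance=False, ...)` object. If `get_ipa_config()` or the new `ca_is_enabled()` call raises, the process-wide backend stays bound as `cn=directory manager`, so any later use of it would run with that privilege. Moving the teardown into a `finally:` clause with `if conn.isconnected(): conn.disconnect()` would release the bind on every path; the guard matters because `connect()` itself may be what failed. The `try` statement continues past the end of this hunk, so the remaining `except` branches should be checked against the same concern.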
@@ -212,6 +207,12 @@ class ReplicaPrepare(admintool.AdminTool):
except errors.DatabaseError, e:
raise admintool.ScriptError(e.desc)
+ if not ca_enabled and not options.http_cert_files:
+ raise admintool.ScriptError(
+ "Cannot issue certificates: a CA is not installed. Use the "
+ "--http-cert-file, --dirsrv-cert-file options to provide "
+ "custom certificates.")
+
self.subject_base = entry_attrs.get(
'ipacertificatesubjectbase', [None])[0]
if self.subject_base is not None:
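Review bot: The relocated check has no comment explaining why it now sits after the LDAP round-trip, and `ca_enabled` is bound only when the `try` block above completes. A short comment would record both facts, for example `# CA state is read from LDAP via ca_is_enabled, not api.env.enable_ra; every except branch above must raise so ca_enabled is always bound here`. The two `except` branches visible in the hunks do raise, but part of the handler chain lies between the hunks, so this is worth confirming. The enclosing method starts and ends outside the hunk.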