author | Jan Cholasta <jcholast@redhat.com> | 2014-10-13 14:30:15 +0200 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2014-10-17 12:53:11 +0200 |
commit | 608851d3f86a9082b394c30fe0c7a7b33d43f363 (patch) | |
tree | 4e1e34c392d56672d22c7d8d00c0794163048119 /ipaserver/install/ipa_server_certinstall.py | |
parent | 6227ebb0cd2d8661d9233e26adb5e0bff7fe4c0d (diff) | |
Check LDAP instead of local configuration to see if IPA CA is enabled
The check is done using a new hidden command ca_is_enabled.
https://fedorahosted.org/freeipa/ticket/4621
Reviewed-By: David Kupka <dkupka@redhat.com>
Diffstat (limited to 'ipaserver/install/ipa_server_certinstall.py')
-rw-r--r-- | ipaserver/install/ipa_server_certinstall.py | 20 |
1 files changed, 11 insertions, 9 deletions
diff --git a/ipaserver/install/ipa_server_certinstall.py b/ipaserver/install/ipa_server_certinstall.py
index 9165ac1c9..80cf6d5d5 100644
--- a/ipaserver/install/ipa_server_certinstall.py
+++ b/ipaserver/install/ipa_server_certinstall.py
@@ -83,7 +83,7 @@ class ServerCertInstall(admintool.AdminTool):
 def ask_for_options(self):
 super(ServerCertInstall, self).ask_for_options()
- if self.options.dirsrv and not self.options.dirman_password:
+ if not self.options.dirman_password:
 self.options.dirman_password = installutils.read_password(
 "Directory Manager", confirm=False, validate=False, retry=False)
 if self.options.dirman_password is None:
@@ -101,20 +101,23 @@ class ServerCertInstall(admintool.AdminTool):
 api.bootstrap(in_server=True)
 api.finalize()
+ conn = api.Backend.ldap2
+ conn.connect(bind_dn=DN(('cn', 'directory manager')),
+ bind_pw=self.options.dirman_password)
+
 if self.options.dirsrv:
 self.install_dirsrv_cert()
 if self.options.http:
 self.install_http_cert()
+ conn.disconnect()
+
 def install_dirsrv_cert(self):
 serverid = dsinstance.realm_to_serverid(api.env.realm)
 dirname = dsinstance.config_dirname(serverid)
- conn = ldap2(shared_instance=False, base_dn='')
- conn.connect(bind_dn=DN(('cn', 'directory manager')),
- bind_pw=self.options.dirman_password)
-
+ conn = api.Backend.ldap2
 entry = conn.get_entry(DN(('cn', 'RSA'), ('cn', 'encryption'), ('cn', 'config')), ['nssslpersonalityssl'])
@@ -130,8 +133,6 @@ class ServerCertInstall(admintool.AdminTool):
 except errors.EmptyModlist:
 pass
- conn.disconnect()
-
 def install_http_cert(self):
 dirname = certs.NSS_DIR
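Review bot: The now-unconditional password prompt in `ask_for_options` (first hunk) has no comment explaining why the Directory Manager password is requested even when `self.options.dirsrv` is not set. The reason is only visible in a later hunk, where the LDAP bind is opened before either install step. A comment above the condition such as `# the LDAP bind made before installing is needed for both the dirsrv and http paths` would keep the two places in step. The rest of `ask_for_options` lies outside the hunk.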
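Review bot: In the second hunk `conn.disconnect()` is reached only when both install steps return normally, so an exception from `install_dirsrv_cert()` or `install_http_cert()` leaves the shared `api.Backend.ldap2` connection bound as `cn=directory manager`. Wrapping the two `if` blocks in `try:` and moving the call under `finally: conn.disconnect()` would release the privileged bind on every path. `install_dirsrv_cert()` now depends on a connection it no longer opens itself; a comment on its `conn = api.Backend.ldap2` line such as `# already connected by the caller` would make that coupling visible. The start of the calling method and the rest of `install_dirsrv_cert()` are outside the hunk.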
@@ -165,14 +166,15 @@ class ServerCertInstall(admintool.AdminTool):
 cdb = certs.CertDB(api.env.realm, nssdir=dirname)
 try:
- if api.env.enable_ra:
+ ca_enabled = api.Command.ca_is_enabled()['result']
+ if ca_enabled:
 cdb.untrack_server_cert(old_cert)
 cdb.delete_cert(old_cert)
 cdb.import_pkcs12(pkcs12_file.name, pin)
 server_cert = cdb.find_server_certs()[0][0]
- if api.env.enable_ra:
+ if ca_enabled:
 cdb.track_server_cert(server_cert, principal, cdb.passwd_fname, command)
 except RuntimeError, e: |
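Review bot: `api.Command.ca_is_enabled()` is called inside the `try:` whose only visible handler is `except RuntimeError, e:`, so the LDAP-backed lookup shares a guarded block with the certificate-database operations even though its failures are presumably not `RuntimeError`s. Moving `ca_enabled = api.Command.ca_is_enabled()['result']` to the line before `try:` would limit the guarded region to the NSS operations. It would also make it obvious that a directory failure aborts before `old_cert` is untracked or deleted. Nothing in the visible part of this method opens the LDAP connection the command relies on, so a short comment saying the caller must have connected `api.Backend.ldap2` would help. The handler body and the start of the method are outside the hunk.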