diff options
author | Stanislav Laznicka <slaznick@redhat.com> | 2016-11-09 17:55:56 +0100 |
---|---|---|
committer | Jan Cholasta <jcholast@redhat.com> | 2016-11-11 12:17:25 +0100 |
commit | 8c742b1539591b49474fe8ec871e1b523e9898bd (patch) | |
tree | ddadee6a140a91fde90a377ae1d9803cc0d3cf28 /ipaserver/install/server/replicainstall.py | |
parent | 7cd3b1bfa76c846b7ffec18e380b71a6617d97ec (diff) | |
download | freeipa-8c742b1539591b49474fe8ec871e1b523e9898bd.tar.gz freeipa-8c742b1539591b49474fe8ec871e1b523e9898bd.tar.xz freeipa-8c742b1539591b49474fe8ec871e1b523e9898bd.zip |
Fix CA replica install on DL1
Dogtag requires Directory Manager password for its installation.
On Domain Level 1 a special password for Directory Manager is
created and used during the installation. However, by importing
the real DM password from remote LDAP, we can no longer use
the temporary password from the replica installation.
https://fedorahosted.org/freeipa/ticket/6392
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Diffstat (limited to 'ipaserver/install/server/replicainstall.py')
-rw-r--r-- | ipaserver/install/server/replicainstall.py | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py index 053c5021e..770688c1d 100644 --- a/ipaserver/install/server/replicainstall.py +++ b/ipaserver/install/server/replicainstall.py @@ -1378,7 +1378,6 @@ def install(installer): config.realm_name) if promote: custodia.create_replica(config.master_host_name) - custodia.import_dm_password(config.master_host_name) else: custodia.create_instance() @@ -1400,6 +1399,7 @@ def install(installer): krb.restart() if promote: + custodia.import_dm_password(config.master_host_name) promote_sssd(config.host_name) promote_openldap_conf(config.host_name, config.master_host_name) |