diff options
| author | Fraser Tweedale <ftweedal@redhat.com> | 2016-12-20 20:21:10 +1000 |
|---|---|---|
| committer | Jan Cholasta <jcholast@redhat.com> | 2017-01-11 15:28:50 +0100 |
| commit | 0c95a00147b1dd508736dacc847873ddddafb504 (patch) | |
| tree | 7bfe0a947bb53859bf93801481f124d19dd93cb1 /ipaserver/install | |
| parent | 3f5660973251fe4b178e6486b6b86fbdd162d4d6 (diff) | |
| download | freeipa-0c95a00147b1dd508736dacc847873ddddafb504.tar.gz freeipa-0c95a00147b1dd508736dacc847873ddddafb504.tar.xz freeipa-0c95a00147b1dd508736dacc847873ddddafb504.zip | |
Add sanity checks for use of --ca-subject and --subject-base
Print an error and terminate if --ca-subject or --subject-base are
used when installing a CA-less master or when performing standalone
installation of a CA replica.
Part of: https://fedorahosted.org/freeipa/ticket/2614
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Diffstat (limited to 'ipaserver/install')
| -rw-r--r-- | ipaserver/install/server/install.py | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/ipaserver/install/server/install.py b/ipaserver/install/server/install.py index db765d60b..c26982769 100644 --- a/ipaserver/install/server/install.py +++ b/ipaserver/install/server/install.py @@ -364,6 +364,13 @@ def install_check(installer): setup_ca = True options.setup_ca = setup_ca + if not setup_ca and options.ca_subject: + raise ScriptError( + "--ca-subject cannot be used with CA-less installation") + if not setup_ca and options.subject_base: + raise ScriptError( + "--subject-base cannot be used with CA-less installation") + # first instance of KRA must be installed by ipa-kra-install options.setup_kra = False |