disconnect ldap2 backend after adding default CA ACL profiles

ensure_default_caacl() was leaking open api.Backend.ldap2 connection which could crash server/replica installation at later stages. This patch ensures that after checking default CA ACL profiles the backend is disconnected. https://fedorahosted.org/freeipa/ticket/5459 Reviewed-By: Tomas Babej <tbabej@redhat.com>
author: Martin Babinsky <mbabinsk@redhat.com> 2015-11-24 14:43:10 +0100
committer: Tomas Babej <tbabej@redhat.com> 2015-11-24 15:37:06 +0100
commit: 341406d16540b1edc0d2792fe2cd9db75590f88e (patch)
tree: 17d37c789f47308fc443d6d6a10a8bfa25ffb912 /ipaserver
parent: 620036d26e98fdcefff00168e9e5463a8257d49c (diff)
download: freeipa-341406d16540b1edc0d2792fe2cd9db75590f88e.tar.gz
freeipa-341406d16540b1edc0d2792fe2cd9db75590f88e.tar.xz
freeipa-341406d16540b1edc0d2792fe2cd9db75590f88e.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index 90edb362f..cca27e9d2 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -2028,6 +2028,9 @@ def ensure_default_caacl():
         api.Command.caacl_add_profile(u'hosts_services_caIPAserviceCert',
             certprofile=(u'caIPAserviceCert',))
 
+    if api.Backend.ldap2.isconnected():
+        api.Backend.ldap2.disconnect()
+
 
 if __name__ == "__main__":
     standard_logging_setup("install.log")
author	Martin Babinsky <mbabinsk@redhat.com>	2015-11-24 14:43:10 +0100
committer	Tomas Babej <tbabej@redhat.com>	2015-11-24 15:37:06 +0100
commit	341406d16540b1edc0d2792fe2cd9db75590f88e (patch)
tree	17d37c789f47308fc443d6d6a10a8bfa25ffb912 /ipaserver
parent	620036d26e98fdcefff00168e9e5463a8257d49c (diff)
download	freeipa-341406d16540b1edc0d2792fe2cd9db75590f88e.tar.gz freeipa-341406d16540b1edc0d2792fe2cd9db75590f88e.tar.xz freeipa-341406d16540b1edc0d2792fe2cd9db75590f88e.zip