diff options
author | Martin Babinsky <mbabinsk@redhat.com> | 2015-11-24 14:43:10 +0100 |
---|---|---|
committer | Tomas Babej <tbabej@redhat.com> | 2015-11-24 15:37:06 +0100 |
commit | 341406d16540b1edc0d2792fe2cd9db75590f88e (patch) | |
tree | 17d37c789f47308fc443d6d6a10a8bfa25ffb912 /ipaserver | |
parent | 620036d26e98fdcefff00168e9e5463a8257d49c (diff) | |
download | freeipa-341406d16540b1edc0d2792fe2cd9db75590f88e.tar.gz freeipa-341406d16540b1edc0d2792fe2cd9db75590f88e.tar.xz freeipa-341406d16540b1edc0d2792fe2cd9db75590f88e.zip |
disconnect ldap2 backend after adding default CA ACL profiles
ensure_default_caacl() was leaking open api.Backend.ldap2 connection which
could crash server/replica installation at later stages. This patch ensures
that after checking default CA ACL profiles the backend is disconnected.
https://fedorahosted.org/freeipa/ticket/5459
Reviewed-By: Tomas Babej <tbabej@redhat.com>
Diffstat (limited to 'ipaserver')
-rw-r--r-- | ipaserver/install/cainstance.py | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py index 90edb362f..cca27e9d2 100644 --- a/ipaserver/install/cainstance.py +++ b/ipaserver/install/cainstance.py @@ -2028,6 +2028,9 @@ def ensure_default_caacl(): api.Command.caacl_add_profile(u'hosts_services_caIPAserviceCert', certprofile=(u'caIPAserviceCert',)) + if api.Backend.ldap2.isconnected(): + api.Backend.ldap2.disconnect() + if __name__ == "__main__": standard_logging_setup("install.log") |