author | David Kupka <dkupka@redhat.com> | 2015-11-23 06:38:17 +0000 |
---|---|---|
committer | Jan Cholasta <jcholast@redhat.com> | 2015-11-23 15:50:16 +0100 |
commit | 5f2cfb5aa2c5ee4e7421090ec154f744ef2225c0 (patch) | |
tree | 7a6b161d87e5fbc8d27746c4f19256bae06b6e51 /ipaserver | |
parent | 657cf958c6fc6767d09cfbd2d84046d5b84e9f80 (diff) | |
ipa-cacert-renew: Fix connection to ldap.
https://fedorahosted.org/freeipa/ticket/5468
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Diffstat (limited to 'ipaserver')
-rw-r--r-- | ipaserver/install/ipa_cacert_manage.py | 30 |
1 files changed, 13 insertions, 17 deletions
diff --git a/ipaserver/install/ipa_cacert_manage.py b/ipaserver/install/ipa_cacert_manage.py
index 66cba891f..96de6bffb 100644
--- a/ipaserver/install/ipa_cacert_manage.py
+++ b/ipaserver/install/ipa_cacert_manage.py
@@ -107,9 +107,7 @@ class CACertManage(admintool.AdminTool):
 if ((command == 'renew' and options.external_cert_files) or
 command == 'install'):
- self.conn = self.ldap_connect()
- else:
- self.conn = None
+ self.ldap_connect()
 try:
 if command == 'renew':
@@ -117,22 +115,20 @@ class CACertManage(admintool.AdminTool):
 elif command == 'install':
 rc = self.install()
 finally:
- if self.conn is not None:
- self.conn.disconnect()
+ if api.Backend.ldap2.isconnected():
+ api.Backend.ldap2.disconnect()
 return rc
 def ldap_connect(self):
- conn = ldap2(api)
-
 password = self.options.password
 if not password:
 try:
- conn.connect()
+ api.Backend.ldap2.connect(ccache=os.environ.get('KRB5CCNAME'))
 except (gssapi.exceptions.GSSError, errors.ACIError):
 pass
 else:
- return conn
+ return
 password = installutils.read_password(
 "Directory Manager", confirm=False, validate=False)
@@ -140,9 +136,8 @@ class CACertManage(admintool.AdminTool):
 raise admintool.ScriptError(
 "Directory Manager password required")
- conn.connect(bind_dn=DN(('cn', 'Directory Manager')), bind_pw=password)
+ api.Backend.ldap2.connect(bind_dn=DN(('cn', 'Directory Manager')), bind_pw=password)
- return conn
 def renew(self):
 ca = cainstance.CAInstance(api.env.realm, certs.NSS_DIR)
@@ -206,6 +201,7 @@ class CACertManage(admintool.AdminTool):
 print("Importing the renewed CA certificate, please wait")
 options = self.options
+ conn = api.Backend.ldap2
 cert_file, ca_file = installutils.load_external_cert(
 options.external_cert_files, x509.subject_base())
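Review bot: The `except (gssapi.exceptions.GSSError, errors.ACIError): pass` branch in `ldap_connect` (second hunk) discards the reason the Kerberos bind failed and silently moves on to prompting for the Directory Manager password, so nothing records why the tool fell back to the most privileged bind. Logging the exception before falling through would keep that visible, e.g. `except (gssapi.exceptions.GSSError, errors.ACIError) as e:` followed by `self.log.debug("GSSAPI bind failed, falling back to Directory Manager: %s", e)` (assuming the AdminTool logger is available as `self.log`). The new call also passes `os.environ.get('KRB5CCNAME')`, which is `None` when the variable is unset, and no hunk on this page adds `import os` or drops the `ldap2` import that the removed `conn = ldap2(api)` used, so both are worth checking at the top of the file. The body of `ldap_connect` continues past the end of this hunk.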
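Review bot: The added `api.Backend.ldap2.connect(bind_dn=..., bind_pw=password)` line at the end of `ldap_connect` (third hunk) runs well past 79 columns, and the method now returns `None` on every path without a docstring saying that it connects the shared backend instead. Wrapping the call as `api.Backend.ldap2.connect(` / `bind_dn=DN(('cn', 'Directory Manager')), bind_pw=password)` and adding a one-line docstring such as `"""Connect api.Backend.ldap2: Kerberos ccache first, Directory Manager password second."""` would make the new contract explicit. This path is a simple bind with the Directory Manager password, so whether that secret is protected in transit depends on the LDAP URI the backend is configured with, which is not visible here. The method starts in the previous hunk.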
@@ -274,21 +270,21 @@ class CACertManage(admintool.AdminTool):
 except RuntimeError:
 break
 certstore.put_ca_cert_nss(
- self.conn, api.env.basedn, ca_cert, nickname, ',,')
+ conn, api.env.basedn, ca_cert, nickname, ',,')
 dn = DN(('cn', self.cert_nickname), ('cn', 'ca_renewal'),
 ('cn', 'ipa'), ('cn', 'etc'), api.env.basedn)
 try:
- entry = self.conn.get_entry(dn, ['usercertificate'])
+ entry = conn.get_entry(dn, ['usercertificate'])
 entry['usercertificate'] = [cert]
- self.conn.update_entry(entry)
+ conn.update_entry(entry)
 except errors.NotFound:
- entry = self.conn.make_entry(
+ entry = conn.make_entry(
 dn,
 objectclass=['top', 'pkiuser', 'nscontainer'],
 cn=[self.cert_nickname],
 usercertificate=[cert])
- self.conn.add_entry(entry)
+ conn.add_entry(entry)
 except errors.EmptyModlist:
 pass
@@ -363,7 +359,7 @@ class CACertManage(admintool.AdminTool):
 try:
 certstore.put_ca_cert_nss(
- self.conn, api.env.basedn, cert, nickname, trust_flags)
+ api.Backend.ldap2, api.env.basedn, cert, nickname, trust_flags)
 except ValueError as e:
 raise admintool.ScriptError(
 "Failed to install the certificate: %s" % e) |
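Review bot: The `put_ca_cert_nss` call in the last hunk passes `api.Backend.ldap2` directly, while the renewal step in the earlier hunks binds the same object to a local `conn`; using one form throughout would be easier to follow. Because the connection is no longer an attribute that can be `None`, this call now depends on `run()` having called `ldap_connect()` first, which the first hunk shows happening for `install`. A short comment at the call, such as `# api.Backend.ldap2 is connected by run() before install`, would record that precondition. The enclosing method begins and ends outside the hunk.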