authorJan Cholasta <jcholast@redhat.com>2016-11-08 09:53:10 +0100
committerJan Cholasta <jcholast@redhat.com>2016-11-11 12:17:25 +0100
commit87c3c1abecdfb8b5eb227239eeacfbee386a7ed7 (patch)
tree69aeaed1da4788d56889b38b6e917ff1045d0d30 /ipaserver
parent8cb315af627d712dd21396164cfa2b5d03ccb466 (diff)
install: use ldaps for pkispawn in ipa-ca-install
Commit 822e1bc82af3a6c1556546c4fbe96eeafad45762 undid the fix from commit 276d16775a4ce8af5d39ca8a7bf5bcd638df343f, breaking ipa-ca-install on servers with hardened DS configuration. Put the fix back to make ipa-ca-install work on hardened DS configuration again. https://fedorahosted.org/freeipa/ticket/6392 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
Diffstat (limited to 'ipaserver')
-rw-r--r--ipaserver/install/ca.py3
-rw-r--r--ipaserver/install/cainstance.py6
2 files changed, 7 insertions, 2 deletions
diff --git a/ipaserver/install/ca.py b/ipaserver/install/ca.py
index a033e233a..10352c9e9 100644
--- a/ipaserver/install/ca.py
+++ b/ipaserver/install/ca.py
@@ -188,7 +188,8 @@ def install_step_0(standalone, replica_config, options):
master_replication_port=master_replication_port,
ra_p12=ra_p12,
ra_only=ra_only,
- promote=promote)
+ promote=promote,
+ use_ldaps=standalone)
def install_step_1(standalone, replica_config, options):
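Review bot: `use_ldaps=standalone` ties the transport choice to the install mode without saying why, and the commit message shows this same argument was already lost once in a later change. A short comment above the keyword would help the intent survive the next cleanup, for example `# ipa-ca-install runs against an existing, possibly hardened DS: pkispawn must use ldaps`. The non-standalone path still passes False, so it is worth confirming that pkispawn's directory traffic is protected some other way in that case. install_step_0 starts outside the hunk, so that cannot be checked from here.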
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index 97eb39206..9a42d8e01 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -330,7 +330,7 @@ class CAInstance(DogtagInstance):
master_replication_port=None,
subject_base=None, ca_signing_algorithm=None,
ca_type=None, ra_p12=None, ra_only=False,
- promote=False):
+ promote=False, use_ldaps=False):
"""Create a CA instance.
To create a clone, pass in pkcs12_info.
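Review bot: The new `use_ldaps` parameter is added to the signature, but the docstring that starts directly below it is not extended in this hunk. Since the flag decides whether pkispawn talks to the directory server over LDAPS, a sentence in the docstring's existing style would help callers, for example `To make pkispawn connect to the directory server over LDAPS, pass use_ldaps=True.` The docstring and the method body continue outside the hunk.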
@@ -363,6 +363,7 @@ class CAInstance(DogtagInstance):
else:
self.ca_type = 'generic'
self.no_db_setup = promote
+ self.use_ldaps = use_ldaps
# Determine if we are installing as an externally-signed CA and
# what stage we're in.
@@ -495,6 +496,9 @@ class CAInstance(DogtagInstance):
config.set("CA", "pki_ds_base_dn", self.basedn)
config.set("CA", "pki_ds_database", "ipaca")
+ if self.use_ldaps:
+ self._use_ldaps_during_spawn(config)
+
# Certificate subject DN's
config.set("CA", "pki_subsystem_subject_dn",
str(DN(('cn', 'CA Subsystem'), self.subject_base)))
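Review bot: `self.use_ldaps` is read here, but the visible hunks assign it only inside the method that takes the `use_ldaps` argument. If this spawn code can run on an instance where that method did not run first, the read raises AttributeError; setting `self.use_ldaps = False` in `__init__` would make the default explicit. Separately, `_use_ldaps_during_spawn` is defined outside this diff, so it is worth confirming that it gives pkispawn the CA certificate needed to verify the directory server's certificate, so the connection is authenticated and not only encrypted. The enclosing method starts and ends outside the hunk.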