From fe263f764b9d8eabf8ae0fa284f167fec10b4a4d Mon Sep 17 00:00:00 2001
From: Petr Spacek
Date: Sun, 20 Dec 2015 19:35:55 +0100
Subject: DNSSEC: ipa-dnskeysyncd: call ods-signer ldap-cleanup on zone removal

Command "ldap-cleanup " is called to remove all key metadata from LDAP. This command is now called when disabling DNSSEC on a DNS zone. The stale metadata were causing problems when re-enabling DNSSEC on the same zone.
https://fedorahosted.org/freeipa/ticket/5348
Reviewed-By: Martin Basti
---
 ipapython/dnssec/odsmgr.py | 6 ++++++
 1 file changed, 6 insertions(+)
(limited to 'ipapython/dnssec')
diff --git a/ipapython/dnssec/odsmgr.py b/ipapython/dnssec/odsmgr.py
index 041ad1fc9..fb6d696af 100644
--- a/ipapython/dnssec/odsmgr.py
+++ b/ipapython/dnssec/odsmgr.py
@@ -151,12 +151,18 @@ class ODSMgr(object):
 output = self.ksmutil(cmd)
 self.log.info(output)
 self.notify_enforcer()
+ self.cleanup_signer(name)
 def notify_enforcer(self):
 cmd = ['notify']
 output = self.ksmutil(cmd)
 self.log.info(output)
+ def cleanup_signer(self, zone_name):
+ cmd = ['ods-signer', 'ldap-cleanup', str(zone_name)]
+ output = ipautil.run(cmd, capture_output=True)
+ self.log.info(output)
+
 def ldap_event(self, op, uuid, attrs):
 """Record single LDAP event - zone addition or deletion.
-- cgit
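Review bot: The new `cleanup_signer` does not handle a failing `ods-signer ldap-cleanup`: as far as I know `ipautil.run` raises on a non-zero exit by default, so the error would propagate out of the zone-removal method (which starts above the hunk) after the enforcer has already been notified, and the stale key metadata this commit targets would remain in LDAP with only a generic traceback. Consider catching the failure in `cleanup_signer` and logging it at error level together with the zone name, so an operator can tell that cleanup must be repeated before DNSSEC is re-enabled on that zone. Separately, `self.log.info(output)` logs whatever `run()` returns; if that is a result object rather than a string in this tree, log the captured text instead, e.g. `self.log.info(result.output)`. The method also has no docstring; something like `"""Remove the zone's key metadata from LDAP via ods-signer ldap-cleanup."""` would document why it runs on removal.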