From 7b6bee030dac08807f254fdf58ba867c36cab23d Mon Sep 17 00:00:00 2001
From: Martin Babinsky <mbabinsk@redhat.com>
Date: Thu, 12 Mar 2015 16:14:22 +0100
Subject: ipa-dns-install: use STARTTLS to connect to DS

BindInstance et al. now use STARTTLS to set up secure connection to DS during
ipa-dns-install. This fixes https://fedorahosted.org/freeipa/ticket/4933

Reviewed-By: Martin Basti <mbasti@redhat.com>
---
 ipaserver/install/dnskeysyncinstance.py | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

(limited to 'ipaserver/install/dnskeysyncinstance.py')

diff --git a/ipaserver/install/dnskeysyncinstance.py b/ipaserver/install/dnskeysyncinstance.py
index 090c87505..eb6d07f01 100644
--- a/ipaserver/install/dnskeysyncinstance.py
+++ b/ipaserver/install/dnskeysyncinstance.py
@@ -62,13 +62,14 @@ def dnssec_container_exists(fqdn, suffix, dm_password=None, ldapi=False,
 
 class DNSKeySyncInstance(service.Service):
     def __init__(self, fstore=None, dm_password=None, logger=root_logger,
-                 ldapi=False):
+                 ldapi=False, start_tls=False):
         service.Service.__init__(
             self, "ipa-dnskeysyncd",
             service_desc="DNS key synchronization service",
             dm_password=dm_password,
-            ldapi=ldapi
-            )
+            ldapi=ldapi,
+            start_tls=start_tls
+        )
         self.dm_password = dm_password
         self.logger = logger
         self.extra_config = [u'dnssecVersion 1', ]  # DNSSEC enabled
-- 
cgit