Diffstat (limited to 'ipaserver/install/drminstance.py')
-rw-r--r-- | ipaserver/install/drminstance.py | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/ipaserver/install/drminstance.py b/ipaserver/install/drminstance.py
index a251e39a3..de98276e8 100644
--- a/ipaserver/install/drminstance.py
+++ b/ipaserver/install/drminstance.py
@@ -26,6 +26,7 @@ import tempfile
 from ipalib import api
 from ipapython import dogtag
+from ipapython import ipaldap
 from ipapython import ipautil
 from ipapython import services as ipaservices
 from ipapython.dn import DN
@@ -104,6 +105,8 @@ class DRMInstance(DogtagInstance):
 "A Dogtag CA must be installed first")
 self.step("configuring DRM instance", self.__spawn_instance)
+ if not self.clone:
+ self.step("add RA user to DRM agent group", self.__add_ra_user_to_agent_group)
 self.step("restarting DRM", self.restart_instance)
 self.step("configure certificate renewals", self.configure_renewal)
 self.step("Configure HTTP to proxy connections",
@@ -250,6 +253,20 @@ class DRMInstance(DogtagInstance):
 root_logger.debug("completed creating DRM instance")
+ def __add_ra_user_to_agent_group(self):
+ """
+ Add RA agent created for CA to DRM agent group.
+ """
+ conn = ipaldap.IPAdmin(self.fqdn, self.ds_port)
+ conn.do_simple_bind(DN(('cn', 'Directory Manager')), self.dm_password)
+
+ entry_dn = DN(('uid', "ipara"), ('ou', 'People'), ('o', 'ipaca'))
+ dn = DN(('cn', 'Data Recovery Manager Agents'), ('ou', 'groups'), self.basedn)
+ modlist = [(0, 'uniqueMember', '%s' % entry_dn)]
+ conn.modify_s(dn, modlist)
+
+ conn.unbind()
+
 @staticmethod
 def update_cert_config(nickname, cert, dogtag_constants=None):
 """ |
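Review bot: The `if not self.clone:` guard in front of the new "add RA user to DRM agent group" step has no comment saying why a clone skips it; presumably the group membership reaches a clone through replication, but nothing in the hunk shows that. A one-line comment such as `# clones receive the agent group membership via replication` (if that is indeed the reason) would keep a later reader from removing the guard. The enclosing method starts and ends outside the hunk.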
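Review bot: In `__add_ra_user_to_agent_group`, `conn.unbind()` is reached only when `conn.modify_s(dn, modlist)` succeeds, so any LDAP error leaves a connection bound as Directory Manager open; wrap the modify in `try:` … `finally: conn.unbind()`. The bare `0` in `modlist` reads as the modify-add operation and would be clearer as `ldap.MOD_ADD`, provided the module imports `ldap` (not visible in these hunks). Adding a `uniqueMember` value that is already present normally fails, so re-running this step may abort the install unless that error is caught and treated as success. The bind also sends the Directory Manager password in a simple bind to `self.fqdn`, and nothing visible here requests TLS or LDAPI, so it is worth confirming how `IPAdmin` protects that connection. The method is complete in this hunk; the rest of the class lies outside it.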