On 11/10/2010 06:47 PM, Jakub Hrozek wrote:
> Please see attachment. The right fix would be to fix this in openldap,
> but I think we should have a workaround, at least for the time being.
> Much of the credit goes to Jan who helped me debug the issue.

Sorry, the first patch had a small bug. New one attached.

From 7e0e6e2ea716ef276db90d91b9ba30d832a7afbb Mon Sep 17 00:00:00 2001 From: Jakub Hrozek <[email protected]> Date: Wed, 10 Nov 2010 17:33:02 -0500 Subject: [PATCH] Set CACERTDIR during install to work around openldap bug Even though ldap.conf(5) claims that LDAPTLS_CACERT takes precedence over LDAPTLS_CACERTDIR, this seems to be broken in F14. This patch works around the issue by setting both into the environment. https://fedorahosted.org/freeipa/ticket/467 --- ipaserver/install/dsinstance.py | 4 +++- 1 files changed, 3 insertions(+), 1 deletions(-) diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py index b6fcb4e..89613bc 100644 --- a/ipaserver/install/dsinstance.py +++ b/ipaserver/install/dsinstance.py @@ -497,7 +497,9 @@ class DsInstance(service.Service): "-y", dmpwdfile, "-T", admpwdfile, "uid=admin,cn=users,cn=accounts,"+self.suffix] try: - ipautil.run(args, env = { 'LDAPTLS_CACERT':CACERT }) + env = { 'LDAPTLS_CACERTDIR':os.path.dirname(CACERT), + 'LDAPTLS_CACERT':CACERT } + ipautil.run(args, env=env) logging.debug("ldappasswd done") except ipautil.CalledProcessError, e: print "Unable to set admin password", e -- 1.7.3.2
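
Review bot: the new env dict in the @@ -497,7 +497,9 @@ hunk calls os.path.dirname(CACERT), but the diffstat shows only these three insertions in dsinstance.py and no import line, so please confirm that os is already imported in this module; a NameError raised inside the try block would not be caught by "except ipautil.CalledProcessError". Separately, pointing LDAPTLS_CACERTDIR at the directory that holds CACERT can make any other CA certificate stored in that directory a candidate trust anchor for the ldappasswd call, so it is worth checking that the directory contains only the intended CA. A short comment above the dict naming the openldap precedence bug and ticket 467 would also make it clear that this is a workaround to drop once openldap is fixed.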
_______________________________________________ Freeipa-devel mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-devel
