[Freeipa-devel] [freeipa PR#41] Postpone enabling LDAPS in replica promotion (opened)

Wed, 31 Aug 2016 05:44:01 -0700 

tomaskrizek's pull request #41: "Postpone enabling LDAPS in replica promotion" 
was opened

PR body:
"""
Fixes a bug that prevented ipa-replica-install with CA, because
LDAPS was configured before the SSL cerificate was assigned.

https://fedorahosted.org/freeipa/ticket/6226
"""

See the full pull-request at https://github.com/freeipa/freeipa/pull/41
... or pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/41/head:pr41
git checkout pr41

From cffb2ca4051a64ea57f1a2019d9c413636f35124 Mon Sep 17 00:00:00 2001
From: Tomas Krizek <tkri...@redhat.com>
Date: Wed, 31 Aug 2016 14:41:38 +0200
Subject: [PATCH] Postpone enabling LDAPS in replica promotion

Fixes a bug that prevented ipa-replica-install with CA, because
LDAPS was configured before the SSL cerificate was assigned.

https://fedorahosted.org/freeipa/ticket/6226
---
 ipaserver/install/dsinstance.py            | 1 -
 ipaserver/install/server/replicainstall.py | 3 +++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index 8e26485..26cd246 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -395,7 +395,6 @@ def create_replica(self, realm_name, master_fqdn, fqdn,
             self.step("creating DS keytab", self.__get_ds_keytab)
             if self.ca_is_configured:
                 self.step("retrieving DS Certificate", self.__get_ds_cert)
-            self.step("configuring ssl for ds instance", self.__enable_ssl)
             self.step("restarting directory server", self.__restart_instance)
 
         self.step("setting up initial replication", self.__setup_replica)
diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
index c73600c..77d75b3 100644
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -1476,6 +1476,9 @@ def promote(installer):
         cainstance.export_kra_agent_pem()
         CA.fix_ra_perms()
 
+    # we now need to enable ssl on the ds
+    ds.enable_ssl()
+
     krb = install_krb(config,
                       setup_pkinit=not options.no_pkinit,
                       promote=True)

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to