URL: https://github.com/freeipa/freeipa/pull/1549
Author: tiran
 Title: #1549: [Backport][ipa-4-6] Update existing 389-DS cn=RSA,cn=encryption 
config
Action: opened

PR body:
"""
This PR was opened automatically because PR #1547 was pushed to master and 
backport to ipa-4-6 is required.
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1549/head:pr1549
git checkout pr1549
From 194d7175ad27756910bb833df959d8d9d6b0ef53 Mon Sep 17 00:00:00 2001
From: Christian Heimes <chei...@redhat.com>
Date: Thu, 8 Feb 2018 12:23:27 +0100
Subject: [PATCH] Update existing 389-DS cn=RSA,cn=encryption config

389-DS >= 1.4.0 on Fedora 28 has a default entry for
cn=RSA,cn=encryption,cn=config. The installer now updates the entry in
case it already exists. This ensures that token and personality are
correct for freeIPA

Fixes: https://pagure.io/freeipa/issue/7393
Signed-off-by: Christian Heimes <chei...@redhat.com>
---
 ipaserver/install/dsinstance.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index f1c866136c..2493b8a54e 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -878,7 +878,11 @@ def __enable_ssl(self):
             nsSSLToken=["internal (software)"],
             nsSSLActivation=["on"],
         )
-        conn.add_entry(entry)
+        try:
+            conn.add_entry(entry)
+        except errors.DuplicateEntry:
+            # 389-DS >= 1.4.0 has a default entry, update it.
+            conn.update_entry(entry)
 
         conn.unbind()
 
_______________________________________________
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

Reply via email to