On 11/10/2010 06:47 PM, Jakub Hrozek wrote:
> Please see attachment. The right fix would be to fix this in openldap,
> but I think we should have a workaround, at least for the time being.
> Much of the credit goes to Jan who helped me debug the issue.

Sorry, the first patch had a small bug. New one attached.
From 7e0e6e2ea716ef276db90d91b9ba30d832a7afbb Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhro...@redhat.com>
Date: Wed, 10 Nov 2010 17:33:02 -0500
Subject: [PATCH] Set CACERTDIR during install to work around openldap bug

Even though ldap.conf(5) claims that LDAPTLS_CACERT takes precedence over
LDAPTLS_CACERTDIR, this seems to be broken in F14. This patch works around
the issue by setting both into the environment.

https://fedorahosted.org/freeipa/ticket/467
---
 ipaserver/install/dsinstance.py |    4 +++-
 1 files changed, 3 insertions(+), 1 deletions(-)

diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index b6fcb4e..89613bc 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -497,7 +497,9 @@ class DsInstance(service.Service):
                     "-y", dmpwdfile, "-T", admpwdfile,
                     "uid=admin,cn=users,cn=accounts,"+self.suffix]
             try:
-                ipautil.run(args, env = { 'LDAPTLS_CACERT':CACERT })
+                env = { 'LDAPTLS_CACERTDIR':os.path.dirname(CACERT),
+                        'LDAPTLS_CACERT':CACERT }
+                ipautil.run(args, env=env)
                 logging.debug("ldappasswd done")
             except ipautil.CalledProcessError, e:
                 print "Unable to set admin password", e
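Review bot: The new `env` dict in the `try:` block carries no comment saying it is a temporary workaround, so nothing in the code tells a later reader that `LDAPTLS_CACERTDIR` can be dropped once openldap honours the documented precedence; add a short comment above `env = {` that references ticket 467. Also note that `os.path.dirname(CACERT)` hands ldappasswd the whole directory holding CACERT as a CA directory, so any other certificate stored there becomes a candidate trust anchor for this call; it is worth confirming that directory holds only the intended CA, or pointing at a dedicated directory instead. The hunk does not show the imports, so check that `os` is already imported in dsinstance.py.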
-- 
1.7.3.2
