This makes a benign "CRITICAL" message in ipa-server-install go away.

https://fedorahosted.org/freeipa/ticket/3375

--
PetrĀ³
From 04a66e489d36dcc909ae40758c7ecf7aceced4e3 Mon Sep 17 00:00:00 2001
From: Petr Viktorin <pvikt...@redhat.com>
Date: Thu, 24 Jan 2013 11:11:03 -0500
Subject: [PATCH] Add the CA cert to LDAP after the CA install

The DS is installed before the CA cert is generated. Trying to
add the cert to LDAP before it exists resulted in a nasty-looking
error message.

This moves the cert upload to after the CA cert is ready and the
certdb is created.

Move the cert upload to after thecertdb is generated.

https://fedorahosted.org/freeipa/ticket/3375
---
 install/tools/ipa-server-install |    3 +++
 ipaserver/install/dsinstance.py  |    3 +--
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index 9bb4046159760c9277da4d78abac2eff11c76c66..15591071b0983511394a2cba3d829e1b84fe328e 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -1030,6 +1030,9 @@ def main():
             ca.enable_client_auth_to_db()
             ca.restart()
 
+    # Upload the CA cert to the directory
+    ds.upload_ca_cert()
+
     # Create a kerberos instance
     if options.pkinit_pin:
         [pw_fd, pw_name] = tempfile.mkstemp()
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index 76ef68726527e25d9b097c79f298692380cdaeb2..367496f18ae98fcae9b7cde15e515f44abe6d233 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -262,7 +262,6 @@ class DsInstance(service.Service):
         self.step("adding range check plugin", self.__add_range_check_plugin)
         if hbac_allow:
             self.step("creating default HBAC rule allow_all", self.add_hbac)
-        self.step("Upload CA cert to the directory", self.__upload_ca_cert)
 
         self.__common_post_setup()
 
@@ -589,7 +588,7 @@ class DsInstance(service.Service):
         # check for open secure port 636 from now on
         self.open_ports.append(636)
 
-    def __upload_ca_cert(self):
+    def upload_ca_cert(self):
         """
         Upload the CA certificate in DER form in the LDAP directory.
         """
-- 
1.7.7.6

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to