Hello,

This patch addresses ticket https://fedorahosted.org/freeipa/ticket/3783.

-- 
Regards,

Ana Krivokapic
Associate Software Engineer
FreeIPA team
Red Hat Inc.

From 0d31b4bd6fc5f5fcb11d0d87bc2f0266a50d351d Mon Sep 17 00:00:00 2001
From: Ana Krivokapic <akriv...@redhat.com>
Date: Mon, 29 Jul 2013 18:33:09 +0200
Subject: [PATCH] Handle --subject option in ipa-server-install

Properly handle --subject option of ipa-server-install, making sure this
value gets passed to certmap.conf. Introduce a new template variable
$SUBJECT_BASE for this purpose.

https://fedorahosted.org/freeipa/ticket/3783
---
 install/share/certmap.conf.template | 4 ++--
 install/tools/ipa-upgradeconfig     | 2 ++
 ipaserver/install/dsinstance.py     | 2 +-
 3 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/install/share/certmap.conf.template b/install/share/certmap.conf.template
index cff3a669b8946223b62e4fda00dbfa21d98245cd..7beb5070fbff2f7fe614eba8669d48578d52059c 100644
--- a/install/share/certmap.conf.template
+++ b/install/share/certmap.conf.template
@@ -1,4 +1,4 @@
-# VERSION 1 - DO NOT REMOVE THIS LINE
+# VERSION 2 - DO NOT REMOVE THIS LINE
 #
 # This file is managed by IPA and will be overwritten on upgrades.
 
@@ -84,6 +84,6 @@ certmap default         default
 #default:InitFn         <Init function's name>
 default:DNComps
 default:FilterComps     uid
-certmap ipaca           CN=Certificate Authority,O=$REALM
+certmap ipaca           CN=Certificate Authority,$SUBJECT_BASE
 ipaca:CmapLdapAttr      seeAlso
 ipaca:verifycert        on
diff --git a/install/tools/ipa-upgradeconfig b/install/tools/ipa-upgradeconfig
index de17c5b23d79f31e8571a3400d44397630cadada..a2625e6198bcff0811c482e479c8af10716dcea1 100644
--- a/install/tools/ipa-upgradeconfig
+++ b/install/tools/ipa-upgradeconfig
@@ -37,6 +37,7 @@ import ipalib.util
 import ipalib.errors
 from ipapython import ipautil, sysrestore, version, services
 from ipapython.config import IPAOptionParser
+from ipapython.dn import DN
 from ipapython.ipa_log_manager import *
 from ipapython import certmonger
 from ipapython import dogtag
@@ -894,6 +895,7 @@ def main():
     configured_constants = dogtag.configured_constants()
     sub_dict = dict(
         REALM=api.env.realm,
+        SUBJECT_BASE=str(DN(('O', api.env.realm))),
         FQDN=fqdn,
         AUTOREDIR='' if auto_redirect else '#',
         CRL_PUBLISH_PATH=configured_constants.CRL_PUBLISH_PATH,
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index e48ced4b8653863f377debe206594e304a80d11e..95106e01938843805108079d8eeb2aafd38d2702 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -653,7 +653,7 @@ def __certmap_conf(self):
         shutil.copyfile(ipautil.SHARE_DIR + "certmap.conf.template",
                         config_dirname(self.serverid) + "certmap.conf")
         installutils.update_file(config_dirname(self.serverid) + "certmap.conf",
-                                 '$REALM', self.realm_name)
+                                 '$SUBJECT_BASE', str(self.subject_base))
 
     def __enable_ldapi(self):
         self._ldap_mod("ldapi.ldif", self.sub_dict)
-- 
1.8.1.4

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to