Hi, the attached patches fix <https://fedorahosted.org/freeipa/ticket/3869>.
Note that I made a slight change to the design page to reflect what ipa-server-certinstall actually does: The -d and -w options are allowed to be used simultaneously to replace both DS and HTTP certificates in one step.
Honza -- Jan Cholasta
>From 06bfc67227b18182cf6e143cc297c7856554ad9e Mon Sep 17 00:00:00 2001 From: Jan Cholasta <jchol...@redhat.com> Date: Tue, 27 Aug 2013 16:06:24 +0000 Subject: [PATCH 1/2] Add --dirman-password option to ipa-server-certinstall. https://fedorahosted.org/freeipa/ticket/3869 --- install/tools/man/ipa-server-certinstall.1 | 3 +++ ipaserver/install/ipa_server_certinstall.py | 12 ++++++++---- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/install/tools/man/ipa-server-certinstall.1 b/install/tools/man/ipa-server-certinstall.1 index 0ff3aa3..f428402 100644 --- a/install/tools/man/ipa-server-certinstall.1 +++ b/install/tools/man/ipa-server-certinstall.1 @@ -39,6 +39,9 @@ Install the certificate in the Apache Web Server .TP \fB\-\-pin\fR=\fIPIN\fR The password of the PKCS#12 file +.TP +\fB\-\-dirman\-password\fR=\fIDIRMAN_PASSWORD\fR +Directory Manager password .SH "EXIT STATUS" 0 if the installation was successful diff --git a/ipaserver/install/ipa_server_certinstall.py b/ipaserver/install/ipa_server_certinstall.py index bda054b..24770c4 100644 --- a/ipaserver/install/ipa_server_certinstall.py +++ b/ipaserver/install/ipa_server_certinstall.py @@ -61,6 +61,10 @@ class ServerCertInstall(admintool.AdminTool): "--dirsrv_pin", "--http_pin", dest="pin", help=optparse.SUPPRESS_HELP) + parser.add_option( + "-p", "--dirman-password", + dest="dirman_password", + help="Directory Manager password") def validate_options(self): super(ServerCertInstall, self).validate_options(needs_root=True) @@ -76,10 +80,10 @@ class ServerCertInstall(admintool.AdminTool): def ask_for_options(self): super(ServerCertInstall, self).ask_for_options() - if self.options.dirsrv: - self.dm_password = installutils.read_password( + if self.options.dirsrv and not self.options.dirman_password: + self.options.dirman_password = installutils.read_password( "Directory Manager", confirm=False, validate=False, retry=False) - if self.dm_password is None: + if self.options.dirman_password is None: raise admintool.ScriptError( "Directory Manager password required") @@ -108,7 +112,7 @@ class ServerCertInstall(admintool.AdminTool): conn = ldap2(shared_instance=False, base_dn='') conn.connect(bind_dn=DN(('cn', 'directory manager')), - bind_pw=self.dm_password) + bind_pw=self.options.dirman_password) entry = conn.get_entry(DN(('cn', 'RSA'), ('cn', 'encryption'), ('cn', 'config')), -- 1.8.3.1
>From 92bc4126765646ffed87ddb83aa8c36b07a527e2 Mon Sep 17 00:00:00 2001 From: Jan Cholasta <jchol...@redhat.com> Date: Tue, 27 Aug 2013 16:17:02 +0000 Subject: [PATCH 2/2] Fix ipa-server-certinstall usage string. https://fedorahosted.org/freeipa/ticket/3869 --- ipaserver/install/ipa_server_certinstall.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ipaserver/install/ipa_server_certinstall.py b/ipaserver/install/ipa_server_certinstall.py index 24770c4..a9563e0 100644 --- a/ipaserver/install/ipa_server_certinstall.py +++ b/ipaserver/install/ipa_server_certinstall.py @@ -37,7 +37,7 @@ CACERT = "/etc/ipa/ca.crt" class ServerCertInstall(admintool.AdminTool): command_name = 'ipa-server-certinstall' - usage = "%prog [options]" + usage = "%prog <-d|-w> [options] <PKCS#12 file>" description = "Install new SSL server certificates." -- 1.8.3.1
_______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel