not sure if the change in2606f5aecd6ac0db31abb515b691529bb7eaf14e was a mistake or done on purpose.

Anyway:
commit 2606f5aecd6ac0db31abb515b691529bb7eaf14e

has:
-            realm, hostname, dirman_passwd, port, starttls=True)
+            realm, hostname, dirman_passwd, port)

In CSReplicationManager

which causes, e.g.:

ipa-csreplica-manage -p Secret123 list ipa.example.com
cannot connect to 'ldaps://ipa.example.com:389': TLS error -5938:Encountered end of file

Attached patch reverts it.
--
Petr Vobornik
From 2ef72f13e5c819da0d2fbc67244c8c773f0c61cc Mon Sep 17 00:00:00 2001
From: Petr Vobornik <pvobo...@redhat.com>
Date: Fri, 16 Oct 2015 15:57:59 +0200
Subject: [PATCH] use starttls in CSReplicationManager connection again

commit 2606f5aecd6ac0db31abb515b691529bb7eaf14e

has:
-            realm, hostname, dirman_passwd, port, starttls=True)
+            realm, hostname, dirman_passwd, port)

In CSReplicationManager

which causes, e.g.:

ipa-csreplica-manage -p Secret123 list ipa.example.com
cannot connect to 'ldaps://ipa.example.com:389': TLS error -5938:Encountered end of file
---
 ipaserver/install/replication.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py
index ff4af2a4d879f8ccf584f3b7dc6919acf3f3d0d1..4575667722f1359de924f261a8a0ea6585769140 100644
--- a/ipaserver/install/replication.py
+++ b/ipaserver/install/replication.py
@@ -1717,7 +1717,7 @@ class CSReplicationManager(ReplicationManager):
 
     def __init__(self, realm, hostname, dirman_passwd, port):
         super(CSReplicationManager, self).__init__(
-            realm, hostname, dirman_passwd, port)
+            realm, hostname, dirman_passwd, port, starttls=True)
         self.db_suffix = DN(('o', 'ipaca'))
         self.hostnames = [] # set before calling or agreement_dn() will fail
 
-- 
2.4.3

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to