URL: https://github.com/freeipa/freeipa/pull/620 Author: felipevolpone Title: #620: [WIP] Fixing 6549 Action: synchronized
To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/620/head:pr620 git checkout pr620
From 86510b8f703a104324c772e8bd5dbc86977db9fe Mon Sep 17 00:00:00 2001 From: felipe <fbarreto@localhost.localdomain> Date: Fri, 17 Mar 2017 14:31:16 -0300 Subject: [PATCH 1/2] https://pagure.io/freeipa/issue/6549 Changing replicainstall to check the domain level and then, connect via ldap (using the right credentials). --- ipaserver/install/server/replicainstall.py | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py index b4463fd..5da2850 100644 --- a/ipaserver/install/server/replicainstall.py +++ b/ipaserver/install/server/replicainstall.py @@ -1391,7 +1391,14 @@ def install(installer): dsinstance.create_ds_user() try: - conn.connect(ccache=ccache) + conn.connect(bind_dn=ipaldap.DIRMAN_DN, bind_pw=config.dirman_password, + cacert=cafile) + + domain_level = current_domain_level(remote_api) + if domain_level != 0: + conn.disconnect() + conn.connect(ccache=ccache) + # Update and istall updated CA file cafile = install_ca_cert(conn, api.env.basedn, api.env.realm, cafile) From 867154e0299312456e9565dd2b0a482be4501a7d Mon Sep 17 00:00:00 2001 From: felipe <fbarreto@localhost.localdomain> Date: Fri, 17 Mar 2017 17:27:15 -0300 Subject: [PATCH 2/2] Using the promote variable to check the domain_level --- ipaserver/install/server/replicainstall.py | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py index 5da2850..e2a713d 100644 --- a/ipaserver/install/server/replicainstall.py +++ b/ipaserver/install/server/replicainstall.py @@ -1391,13 +1391,11 @@ def install(installer): dsinstance.create_ds_user() try: - conn.connect(bind_dn=ipaldap.DIRMAN_DN, bind_pw=config.dirman_password, - cacert=cafile) - - domain_level = current_domain_level(remote_api) - if domain_level != 0: - conn.disconnect() + if promote: conn.connect(ccache=ccache) + else: + conn.connect(bind_dn=ipaldap.DIRMAN_DN, cacert=cafile, + bind_pw=config.dirman_password) # Update and istall updated CA file cafile = install_ca_cert(conn, api.env.basedn, api.env.realm, cafile)
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code