URL: https://github.com/freeipa/freeipa/pull/620
Author: felipevolpone
 Title: #620: [WIP] Fixing 6549
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/620/head:pr620
git checkout pr620
From f4cd0e03cf9f56167a59329bbd59c2aafba6022f Mon Sep 17 00:00:00 2001
From: felipe <fbarreto@localhost.localdomain>
Date: Mon, 20 Mar 2017 13:59:34 -0300
Subject: [PATCH] Fixing the replica install against IPA 3.0.0 master. Now, at
 the domain level 0, the replica install always uses Directory Manager
 credentials to create the LDAP connection.

---
 ipaserver/install/server/replicainstall.py | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
index b4463fd..5e5cbb5 100644
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -1391,7 +1391,14 @@ def install(installer):
     dsinstance.create_ds_user()
 
     try:
-        conn.connect(ccache=ccache)
+        if promote:
+            conn.connect(ccache=ccache)
+        else:
+            # Domain level 0 replica install should always use Directory
+            # manager credentials to create remote LDAP connection.
+            conn.connect(bind_dn=ipaldap.DIRMAN_DN, cacert=cafile,
+                         bind_pw=config.dirman_password)
+
         # Update and istall updated CA file
         cafile = install_ca_cert(conn, api.env.basedn, api.env.realm, cafile)
 
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to