Thank you again for your answer Alexander. A last question : I'm setting up a python virtual environment for an old project that I need to maintain without any modification. This old project use currently an ipa 3.0 on a physical RHEL 6.6 using python 2.6.6. I'm trying to create the python environment using python 2.6 for the project because the server will soon be upgraded in RHEL7.
I'm using ipalib to perform ipa user-show etc... command directly in python. But I get an "(SEC_ERROR_UNTRUSTED_ISSUER) Peer's certificate issuer has been marked as not trusted by the user." when I try to use it. Pretty sure this is related with my ca.crt file being not found. Any hope there is a way to check the default path which is used by the ca.crt file ? Best regards. Lune Le ven. 23 août 2019 à 15:41, Alexander Bokovoy <[email protected]> a écrit : > On pe, 23 elo 2019, lune voo wrote: > >Hello Alexander. > > > >Thank you for your answer. > >Do you know if I will have any problem with the certificate to connect to > >the server ? > >Generally there is a ca.crt in /etc/ipa/ca.crt, does it need to be > included > >in the virtual environment also ? > > See manual page for ipa(1) tool, it documents use of IPA_CONFDIR to > specify /etc/ipa location. However, /etc/ipa/ca.crt is not configurable > this way, only through ipaplatform.paths.IPA_CA_CRT value. > > $ python3 > Python 3.7.4 (default, Jul 9 2019, 16:32:37) > [GCC 9.1.1 20190503 (Red Hat 9.1.1-1)] on linux > Type "help", "copyright", "credits" or "license" for more information. > >>> from ipaplatform.paths import paths > >>> paths.IPA_CA_CRT > '/etc/ipa/ca.crt' > >>> paths.IPA_CA_CRT="./my.ca.crt" > >>> from ipaclient.discovery import IPADiscovery > >>> discover = IPADiscovery() > >>> discover.search("vda.li", ca_cert_path=paths.IPA_CA_CRT) > 0 > >>> discover.realm > 'VDA.LI' > >>> discover.basedn > ipapython.dn.DN('dc=vda,dc=li') > >>> > > So, for most of Python code you can redefine paths. But for ipa-join and > other binaries you cannot. > > -- > / Alexander Bokovoy > Sr. Principal Software Engineer > Security / Identity Management Engineering > Red Hat Limited, Finland >
_______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
