Support initializing memberof during replication re-init using GSSAPI
The last step of a replication re-initiailization is to run the memberof
task. The current function would only authenticate using simple auth to
monitor the task but we may be doing this using admin GSSAPI credentials
so support that type of bind as well.
In short this fixes:
# kinit admin
# ipa-replica-manage re-initialize --from=master.example.com
https://fedorahosted.org/freeipa/ticket/1248
rob
From 03041ce515145a766c079fbb39a5d979b1c40d36 Mon Sep 17 00:00:00 2001
From: Rob Crittenden rcrit...@redhat.com
Date: Fri, 10 Jun 2011 16:30:13 -0400
Subject: [PATCH] Support initializing memberof during replication re-init using
GSSAPI
The last step of a replication re-initiailization is to run the
memberof task. The current function would only authenticate using simple
auth to monitor the task but we may be doing this using admin GSSAPI
credentials so support that type of bind as well.
In short this fixes:
# kinit admin
# ipa-replica-manage re-initialize --from=master.example.com
https://fedorahosted.org/freeipa/ticket/1248
---
ipaserver/install/dsinstance.py |5 -
1 files changed, 4 insertions(+), 1 deletions(-)
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index a3b508a..574a5af 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -441,7 +441,10 @@ class DsInstance(service.Service):
dn = cn=IPA install %s,cn=memberof task,cn=tasks,cn=config % self.sub_dict[TIME]
logging.debug(Waiting for memberof task to complete.)
conn = ipaldap.IPAdmin(127.0.0.1)
-conn.simple_bind_s(cn=directory manager, self.dm_password)
+if self.dm_password:
+conn.simple_bind_s(cn=directory manager, self.dm_password)
+else:
+conn.do_sasl_gssapi_bind()
conn.checkTask(dn, dowait=True)
conn.unbind()
--
1.7.4
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel