URL: https://github.com/freeipa/freeipa/pull/216 Author: tomaskrizek Title: #216: libexec scripts: ldap conn management Action: opened
PR body: """ Certificate renewal scripts require connection to LDAP. Properly handle connects and disconnects from LDAP. https://fedorahosted.org/freeipa/ticket/6461 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/216/head:pr216 git checkout pr216
From ab992c73a62fa9d9d213b7745fe5540d2a611bda Mon Sep 17 00:00:00 2001 From: Tomas Krizek <tkri...@redhat.com> Date: Wed, 9 Nov 2016 09:52:28 +0100 Subject: [PATCH] libexec scripts: ldap conn management Certificate renewal scripts require connection to LDAP. Properly handle connects and disconnects from LDAP. https://fedorahosted.org/freeipa/ticket/6461 --- install/certmonger/dogtag-ipa-ca-renew-agent-submit | 3 +++ install/restart_scripts/renew_ca_cert | 3 +++ install/restart_scripts/renew_ra_cert | 2 ++ 3 files changed, 8 insertions(+) diff --git a/install/certmonger/dogtag-ipa-ca-renew-agent-submit b/install/certmonger/dogtag-ipa-ca-renew-agent-submit index f2b15cf..26a7f15 100755 --- a/install/certmonger/dogtag-ipa-ca-renew-agent-submit +++ b/install/certmonger/dogtag-ipa-ca-renew-agent-submit @@ -476,6 +476,7 @@ def main(): api.bootstrap(in_server=True, context='renew') api.finalize() + api.Backend.ldap2.connect() operation = os.environ.get('CERTMONGER_OPERATION') if operation not in ('SUBMIT', 'POLL'): @@ -507,6 +508,8 @@ def main(): certs.renewal_lock.release() shutil.rmtree(tmpdir) + api.Backend.ldap2.disconnect() + try: sys.exit(main()) except Exception as e: diff --git a/install/restart_scripts/renew_ca_cert b/install/restart_scripts/renew_ca_cert index 7b3c8bd..d0effb1 100644 --- a/install/restart_scripts/renew_ca_cert +++ b/install/restart_scripts/renew_ca_cert @@ -40,6 +40,7 @@ def _main(): api.bootstrap(in_server=True, context='restart') api.finalize() + api.Backend.ldap2.connect() dogtag_service = services.knownservices['pki_tomcatd'] @@ -200,6 +201,8 @@ def _main(): syslog.syslog( syslog.LOG_NOTICE, "Started %s" % dogtag_service.service_name) + api.Backend.ldap2.disconnect() + def main(): try: diff --git a/install/restart_scripts/renew_ra_cert b/install/restart_scripts/renew_ra_cert index 62c5aa6..4185b52 100644 --- a/install/restart_scripts/renew_ra_cert +++ b/install/restart_scripts/renew_ra_cert @@ -39,6 +39,7 @@ def _main(): api.bootstrap(in_server=True, context='restart') api.finalize() + api.Backend.ldap2.connect() tmpdir = tempfile.mkdtemp(prefix="tmp-") try: @@ -75,6 +76,7 @@ def _main(): else: syslog.syslog(syslog.LOG_NOTICE, "Restarted httpd") + api.Backend.ldap2.disconnect() def main(): try:
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code