jcholast's pull request #45: "custodia: force reconnect before retrieving CA certs from LDAP" was opened
PR body: """ Force reconnect to LDAP as DS might have been restarted after the connection was opened, rendering the connection invalid. This fixes a crash in ipa-replica-install with --setup-ca. https://fedorahosted.org/freeipa/ticket/6207 """ See the full pull-request at https://github.com/freeipa/freeipa/pull/45 ... or pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/45/head:pr45 git checkout pr45
From 903aa2c43e5c165cea20ba4c215c4f65290ad0a5 Mon Sep 17 00:00:00 2001 From: Jan Cholasta <jchol...@redhat.com> Date: Thu, 1 Sep 2016 10:32:18 +0200 Subject: [PATCH] custodia: force reconnect before retrieving CA certs from LDAP Force reconnect to LDAP as DS might have been restarted after the connection was opened, rendering the connection invalid. This fixes a crash in ipa-replica-install with --setup-ca. https://fedorahosted.org/freeipa/ticket/6207 --- ipaserver/install/custodiainstance.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ipaserver/install/custodiainstance.py b/ipaserver/install/custodiainstance.py index 18bd514..3274027 100644 --- a/ipaserver/install/custodiainstance.py +++ b/ipaserver/install/custodiainstance.py @@ -158,6 +158,8 @@ def __get_keys(self, ca_host, cacerts_file, cacerts_pwd, data): # Add CA certificates tmpdb = CertDB(self.realm, nssdir=tmpnssdir) self.suffix = ipautil.realm_to_suffix(self.realm) + if self.admin_conn is not None: + self.ldap_disconnect() self.import_ca_certs(tmpdb, True) # Now that we gathered all certs, re-export
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code