pgreco / rpms / ipa

Forked from forks/areguera/rpms/ipa 4 years ago
Clone
Source Code
GIT

Blame SOURCES/0153-ipa-cacert-renew-Fix-connection-to-ldap.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8-beta-stream-DL1 c8-beta-stream-client c8-stream-DL1 c8-stream-client
  1.   f2e539214d4d2b291552fcf90fb5df88f8e5b2d5
  2.   SOURCES
  3.   0153-ipa-cacert-renew-Fix-connection-to-ldap.patch
Blob History Raw
2e9388 
From 87f6b21c9bc837cf90fc8b9d0708aeff060e48f3 Mon Sep 17 00:00:00 2001
2e9388 
From: David Kupka <dkupka@redhat.com>
2e9388 
Date: Mon, 23 Nov 2015 06:38:17 +0000
2e9388 
Subject: [PATCH] ipa-cacert-renew: Fix connection to ldap.
2e9388
2e9388 
https://fedorahosted.org/freeipa/ticket/5468
2e9388
2e9388 
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2e9388 
---
2e9388 
 ipaserver/install/ipa_cacert_manage.py | 32 ++++++++++++++------------------
2e9388 
 1 file changed, 14 insertions(+), 18 deletions(-)
2e9388
2e9388 
diff --git a/ipaserver/install/ipa_cacert_manage.py b/ipaserver/install/ipa_cacert_manage.py
2e9388 
index 01ec805fc2094326d119827b4358c143f45f3ec4..8790b7066d7641864f8d83c6339cd0a73c620be0 100644
2e9388 
--- a/ipaserver/install/ipa_cacert_manage.py
2e9388 
+++ b/ipaserver/install/ipa_cacert_manage.py
2e9388 
@@ -105,9 +105,7 @@ class CACertManage(admintool.AdminTool):
2e9388
2e9388 
         if ((command == 'renew' and options.external_cert_files) or
2e9388 
             command == 'install'):
2e9388 
-            self.conn = self.ldap_connect()
2e9388 
-        else:
2e9388 
-            self.conn = None
2e9388 
+            self.ldap_connect()
2e9388
2e9388 
         try:
2e9388 
             if command == 'renew':
2e9388 
@@ -115,23 +113,21 @@ class CACertManage(admintool.AdminTool):
2e9388 
             elif command == 'install':
2e9388 
                 rc = self.install()
2e9388 
         finally:
2e9388 
-            if self.conn is not None:
2e9388 
-                self.conn.disconnect()
2e9388 
+            if api.Backend.ldap2.isconnected():
2e9388 
+                api.Backend.ldap2.disconnect()
2e9388
2e9388 
         return rc
2e9388
2e9388 
     def ldap_connect(self):
2e9388 
-        conn = ldap2(api)
2e9388 
-
2e9388 
         password = self.options.password
2e9388 
         if not password:
2e9388 
             try:
2e9388 
                 ccache = krbV.default_context().default_ccache()
2e9388 
-                conn.connect(ccache=ccache)
2e9388 
+                api.Backend.ldap2.connect(ccache=ccache)
2e9388 
             except (krbV.Krb5Error, errors.ACIError):
2e9388 
                 pass
2e9388 
             else:
2e9388 
-                return conn
2e9388 
+                return
2e9388
2e9388 
             password = installutils.read_password(
2e9388 
                 "Directory Manager", confirm=False, validate=False)
2e9388 
@@ -139,9 +135,8 @@ class CACertManage(admintool.AdminTool):
2e9388 
                 raise admintool.ScriptError(
2e9388 
                     "Directory Manager password required")
2e9388
2e9388 
-        conn.connect(bind_dn=DN(('cn', 'Directory Manager')), bind_pw=password)
2e9388 
+        api.Backend.ldap2.connect(bind_dn=DN(('cn', 'Directory Manager')), bind_pw=password)
2e9388
2e9388 
-        return conn
2e9388
2e9388 
     def renew(self):
2e9388 
         ca = cainstance.CAInstance(api.env.realm, certs.NSS_DIR)
2e9388 
@@ -202,9 +197,10 @@ class CACertManage(admintool.AdminTool):
2e9388 
               "--external-cert-file=/path/to/external_ca_certificate")
2e9388
2e9388 
     def renew_external_step_2(self, ca, old_cert):
2e9388 
-        print "Importing the renewed CA certificate, please wait"
2e9388 
+        print("Importing the renewed CA certificate, please wait")
2e9388
2e9388 
         options = self.options
2e9388 
+        conn = api.Backend.ldap2
2e9388 
         cert_file, ca_file = installutils.load_external_cert(
2e9388 
             options.external_cert_files, x509.subject_base())
2e9388
2e9388 
@@ -273,21 +269,21 @@ class CACertManage(admintool.AdminTool):
2e9388 
                 except RuntimeError:
2e9388 
                     break
2e9388 
                 certstore.put_ca_cert_nss(
2e9388 
-                    self.conn, api.env.basedn, ca_cert, nickname, ',,')
2e9388 
+                    conn, api.env.basedn, ca_cert, nickname, ',,')
2e9388
2e9388 
         dn = DN(('cn', self.cert_nickname), ('cn', 'ca_renewal'),
2e9388 
                 ('cn', 'ipa'), ('cn', 'etc'), api.env.basedn)
2e9388 
         try:
2e9388 
-            entry = self.conn.get_entry(dn, ['usercertificate'])
2e9388 
+            entry = conn.get_entry(dn, ['usercertificate'])
2e9388 
             entry['usercertificate'] = [cert]
2e9388 
-            self.conn.update_entry(entry)
2e9388 
+            conn.update_entry(entry)
2e9388 
         except errors.NotFound:
2e9388 
-            entry = self.conn.make_entry(
2e9388 
+            entry = conn.make_entry(
2e9388 
                 dn,
2e9388 
                 objectclass=['top', 'pkiuser', 'nscontainer'],
2e9388 
                 cn=[self.cert_nickname],
2e9388 
                 usercertificate=[cert])
2e9388 
-            self.conn.add_entry(entry)
2e9388 
+            conn.add_entry(entry)
2e9388 
         except errors.EmptyModlist:
2e9388 
             pass
2e9388
2e9388 
@@ -362,7 +358,7 @@ class CACertManage(admintool.AdminTool):
2e9388
2e9388 
         try:
2e9388 
             certstore.put_ca_cert_nss(
2e9388 
-                self.conn, api.env.basedn, cert, nickname, trust_flags)
2e9388 
+                api.Backend.ldap2, api.env.basedn, cert, nickname, trust_flags)
2e9388 
         except ValueError, e:
2e9388 
             raise admintool.ScriptError(
2e9388 
                 "Failed to install the certificate: %s" % e)
2e9388 
--
2e9388 
2.4.3
2e9388

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation