From ea3848ae6729fda734ec60167129f4cae5253a44 Mon Sep 17 00:00:00 2001

From: Martin Basti <mbasti@redhat.com>

Date: Wed, 18 Jan 2017 13:56:24 +0100

Subject: [PATCH] Wait until HTTPS principal entry is replicated to replica

Without HTTP principal the steps later fails.

https://fedorahosted.org/freeipa/ticket/6588

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>

---

 ipaserver/install/server/replicainstall.py | 10 +++++++++-

 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py

index f54ff7da06c57b9c8251429cbdacc5c300805f84..2a1c290351d8ce1dade5eea2f67539659555af2e 100644

--- a/ipaserver/install/server/replicainstall.py

+++ b/ipaserver/install/server/replicainstall.py

@@ -36,7 +36,7 @@ from ipaserver.install import (

 from ipaserver.install.installutils import (

     create_replica_config, ReplicaConfig, load_pkcs12, is_ipa_configured)

 from ipaserver.install.replication import (

-    ReplicationManager, replica_conn_check)

+    ReplicationManager, replica_conn_check, wait_for_entry)

 import SSSDConfig

 from subprocess import CalledProcessError

 from binascii import hexlify

@@ -86,6 +86,14 @@ def install_http_certs(config, fstore, remote_api):

                                         config.master_host_name,

                                         paths.IPA_KEYTAB,

                                         force_service_add=True)

+    dn = DN(

+        ('krbprincipalname', principal),

+        api.env.container_service, api.env.basedn

+    )

+    conn = ipaldap.IPAdmin(realm=config.realm_name, ldapi=True)

+    conn.do_external_bind()

+    wait_for_entry(conn, dn)

+    conn.unbind()

     # Obtain certificate for the HTTP service

     nssdir = certs.NSS_DIR

-- 

2.9.3