From a24178a743e7a90ca80702207345a398bf8074ad Mon Sep 17 00:00:00 2001

From: Christian Heimes <cheimes@redhat.com>

Date: Fri, 29 Jun 2018 11:08:45 +0200

Subject: [PATCH] Catch ACIError instead of invalid credentials

ipaldap's LDAPClient client turns INVALID_CREDENTIAL error into

ACIError. Catch the ACIError and wait until the user has been

replicated.

Apparently no manual or automated test ran into the timeout during

testing.

Fixes: Fixes: https://pagure.io/freeipa/issue/7593

Signed-off-by: Christian Heimes <cheimes@redhat.com>

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>

---

 ipaserver/install/dogtaginstance.py | 3 ++-

 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/ipaserver/install/dogtaginstance.py b/ipaserver/install/dogtaginstance.py

index 5b2c30f8a1b7e932ce1cca3ca38f5962a3d54266..437029315cb6774ce9057baafda27cdb68454b49 100644

--- a/ipaserver/install/dogtaginstance.py

+++ b/ipaserver/install/dogtaginstance.py

@@ -471,7 +471,8 @@ class DogtagInstance(service.Service):

             time.sleep(1)

             try:

                 master_conn.simple_bind(self.admin_dn, self.admin_password)

-            except ldap.INVALID_CREDENTIALS:

+            except errors.ACIError:

+                # user not replicated yet

                 pass

             else:

                 logger.debug("Successfully logged in as %s", self.admin_dn)

-- 

2.17.1