From 699104cf8b8d0ec2570b3801e86c6a358343527a Mon Sep 17 00:00:00 2001

From: Christian Heimes <cheimes@redhat.com>

Date: Fri, 29 Jun 2018 11:08:45 +0200

Subject: [PATCH] Catch ACIError instead of invalid credentials

ipaldap's LDAPClient client turns INVALID_CREDENTIAL error into

ACIError. Catch the ACIError and wait until the user has been

replicated.

Apparently no manual or automated test ran into the timeout during

testing.

Fixes: Fixes: https://pagure.io/freeipa/issue/7593

Signed-off-by: Christian Heimes <cheimes@redhat.com>

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>

---

 ipaserver/install/dogtaginstance.py | 3 ++-

 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/ipaserver/install/dogtaginstance.py b/ipaserver/install/dogtaginstance.py

index 960b8cc7ce495bf5ca359f72b46aa0d43ccec5c3..1f9742b287f58ed117aba627ad85ac3ced4b2645 100644

--- a/ipaserver/install/dogtaginstance.py

+++ b/ipaserver/install/dogtaginstance.py

@@ -468,7 +468,8 @@ class DogtagInstance(service.Service):

             time.sleep(1)

             try:

                 master_conn.simple_bind(self.admin_dn, self.admin_password)

-            except ldap.INVALID_CREDENTIALS:

+            except errors.ACIError:

+                # user not replicated yet

                 pass

             else:

                 self.log.debug("Successfully logged in as %s", self.admin_dn)

-- 

2.17.1