From 87f6b21c9bc837cf90fc8b9d0708aeff060e48f3 Mon Sep 17 00:00:00 2001
From: David Kupka <dkupka@redhat.com>
Date: Mon, 23 Nov 2015 06:38:17 +0000
Subject: [PATCH] ipa-cacert-renew: Fix connection to ldap.
https://fedorahosted.org/freeipa/ticket/5468
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
---
 ipaserver/install/ipa_cacert_manage.py | 32 ++++++++++++++------------------
 1 file changed, 14 insertions(+), 18 deletions(-)
diff --git a/ipaserver/install/ipa_cacert_manage.py b/ipaserver/install/ipa_cacert_manage.py
2e9388
index 01ec805fc2094326d119827b4358c143f45f3ec4..8790b7066d7641864f8d83c6339cd0a73c620be0 100644
2e9388
--- a/ipaserver/install/ipa_cacert_manage.py
2e9388
+++ b/ipaserver/install/ipa_cacert_manage.py
2e9388
@@ -105,9 +105,7 @@ class CACertManage(admintool.AdminTool):
2e9388
 
2e9388
         if ((command == 'renew' and options.external_cert_files) or
2e9388
             command == 'install'):
2e9388
-            self.conn = self.ldap_connect()
2e9388
-        else:
2e9388
-            self.conn = None
2e9388
+            self.ldap_connect()
2e9388
 
2e9388
         try:
2e9388
             if command == 'renew':
2e9388
@@ -115,23 +113,21 @@ class CACertManage(admintool.AdminTool):
2e9388
             elif command == 'install':
2e9388
                 rc = self.install()
2e9388
         finally:
2e9388
-            if self.conn is not None:
2e9388
-                self.conn.disconnect()
2e9388
+            if api.Backend.ldap2.isconnected():
2e9388
+                api.Backend.ldap2.disconnect()
2e9388
 
2e9388
         return rc
2e9388
 
2e9388
     def ldap_connect(self):
2e9388
-        conn = ldap2(api)
2e9388
-
2e9388
         password = self.options.password
2e9388
         if not password:
2e9388
             try:
2e9388
                 ccache = krbV.default_context().default_ccache()
2e9388
-                conn.connect(ccache=ccache)
2e9388
+                api.Backend.ldap2.connect(ccache=ccache)
2e9388
             except (krbV.Krb5Error, errors.ACIError):
2e9388
                 pass
2e9388
             else:
2e9388
-                return conn
2e9388
+                return
2e9388
 
2e9388
             password = installutils.read_password(
2e9388
                 "Directory Manager", confirm=False, validate=False)
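Review bot: The `except (krbV.Krb5Error, errors.ACIError): pass` branch in ldap_connect discards the reason the ccache bind failed and goes straight on to prompt for the Directory Manager password, so the operator is steered to the most privileged credential with no record of why the Kerberos bind was refused. Capturing the exception and logging it before the fallback keeps that visible: `except (krbV.Krb5Error, errors.ACIError) as e:` followed by `self.log.debug("ccache bind failed, falling back to Directory Manager: %s", e)`, assuming the tool's logger is usable at this point. Since ldap_connect no longer returns the connection, a one-line docstring such as `"""Bind the shared api.Backend.ldap2 connection; returns nothing."""` would make the new contract explicit. The body of ldap_connect continues past the end of this hunk.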
2e9388
@@ -139,9 +135,8 @@ class CACertManage(admintool.AdminTool):
2e9388
                 raise admintool.ScriptError(
2e9388
                     "Directory Manager password required")
2e9388
 
2e9388
-        conn.connect(bind_dn=DN(('cn', 'Directory Manager')), bind_pw=password)
2e9388
+        api.Backend.ldap2.connect(bind_dn=DN(('cn', 'Directory Manager')), bind_pw=password)
2e9388
 
2e9388
-        return conn
2e9388
 
2e9388
     def renew(self):
2e9388
         ca = cainstance.CAInstance(api.env.realm, certs.NSS_DIR)
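Review bot: The added `api.Backend.ldap2.connect(bind_dn=DN(('cn', 'Directory Manager')), bind_pw=password)` line runs past 79 columns, and dropping `return conn` leaves a stray run of blank lines before `def renew`. Wrapping the call as `api.Backend.ldap2.connect(` / `bind_dn=DN(('cn', 'Directory Manager')), bind_pw=password)` and trimming the leftover blank line would keep the method tidy. This is also a simple bind with the Directory Manager password on the shared backend; whether that password is protected in transit depends on the LDAP URI the api object is configured with, which is not visible here, so a short comment stating the expected transport would help. ldap_connect starts outside this hunk.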
2e9388
@@ -202,9 +197,10 @@ class CACertManage(admintool.AdminTool):
2e9388
               "--external-cert-file=/path/to/external_ca_certificate")
2e9388
 
2e9388
     def renew_external_step_2(self, ca, old_cert):
2e9388
-        print "Importing the renewed CA certificate, please wait"
2e9388
+        print("Importing the renewed CA certificate, please wait")
2e9388
 
2e9388
         options = self.options
2e9388
+        conn = api.Backend.ldap2
2e9388
         cert_file, ca_file = installutils.load_external_cert(
2e9388
             options.external_cert_files, x509.subject_base())
2e9388
 
2e9388
@@ -273,21 +269,21 @@ class CACertManage(admintool.AdminTool):
2e9388
                 except RuntimeError:
2e9388
                     break
2e9388
                 certstore.put_ca_cert_nss(
2e9388
-                    self.conn, api.env.basedn, ca_cert, nickname, ',,')
2e9388
+                    conn, api.env.basedn, ca_cert, nickname, ',,')
2e9388
 
2e9388
         dn = DN(('cn', self.cert_nickname), ('cn', 'ca_renewal'),
2e9388
                 ('cn', 'ipa'), ('cn', 'etc'), api.env.basedn)
2e9388
         try:
2e9388
-            entry = self.conn.get_entry(dn, ['usercertificate'])
2e9388
+            entry = conn.get_entry(dn, ['usercertificate'])
2e9388
             entry['usercertificate'] = [cert]
2e9388
-            self.conn.update_entry(entry)
2e9388
+            conn.update_entry(entry)
2e9388
         except errors.NotFound:
2e9388
-            entry = self.conn.make_entry(
2e9388
+            entry = conn.make_entry(
2e9388
                 dn,
2e9388
                 objectclass=['top', 'pkiuser', 'nscontainer'],
2e9388
                 cn=[self.cert_nickname],
2e9388
                 usercertificate=[cert])
2e9388
-            self.conn.add_entry(entry)
2e9388
+            conn.add_entry(entry)
2e9388
         except errors.EmptyModlist:
2e9388
             pass
2e9388
 
2e9388
@@ -362,7 +358,7 @@ class CACertManage(admintool.AdminTool):
2e9388
 
2e9388
         try:
2e9388
             certstore.put_ca_cert_nss(
2e9388
-                self.conn, api.env.basedn, cert, nickname, trust_flags)
2e9388
+                api.Backend.ldap2, api.env.basedn, cert, nickname, trust_flags)
2e9388
         except ValueError, e:
2e9388
             raise admintool.ScriptError(
2e9388
                 "Failed to install the certificate: %s" % e)
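Review bot: `except ValueError, e:` is Python 2-only syntax, while this same commit moves `print` to its function form in renew_external_step_2; `except ValueError as e:` works on Python 2.6+ and keeps the file consistent. The call above also passes `api.Backend.ldap2` directly, whereas renew_external_step_2 binds it to a local `conn` first; picking one form for both methods would make the connection handling easier to follow. Neither method checks that the shared backend is actually connected, so both rely on the branch in the first hunk having called `self.ldap_connect()`; a short comment saying so would help. The enclosing method starts and ends outside this hunk.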
2e9388
-- 
2.4.3