From d5723c202f45edc17c45a7f2a1970eebed259dd5 Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jcholast@redhat.com>
Date: Thu, 1 Sep 2016 10:32:18 +0200
Subject: [PATCH] custodia: force reconnect before retrieving CA certs from
 LDAP

Force reconnect to LDAP as DS might have been restarted after the
connection was opened, rendering the connection invalid.

This fixes a crash in ipa-replica-install with --setup-ca.

https://fedorahosted.org/freeipa/ticket/6207

Reviewed-By: Martin Basti <mbasti@redhat.com>
---
 ipaserver/install/custodiainstance.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/ipaserver/install/custodiainstance.py b/ipaserver/install/custodiainstance.py
index 18bd51426cde09af6a34855a49db386a72cc6b9c..32740274ceae17eebeeb32ef5e043cf4b738ee0d 100644
--- a/ipaserver/install/custodiainstance.py
+++ b/ipaserver/install/custodiainstance.py
@@ -158,6 +158,8 @@ class CustodiaInstance(SimpleServiceInstance):
             # Add CA certificates
             tmpdb = CertDB(self.realm, nssdir=tmpnssdir)
             self.suffix = ipautil.realm_to_suffix(self.realm)
+            if self.admin_conn is not None:
+                self.ldap_disconnect()
             self.import_ca_certs(tmpdb, True)
 
             # Now that we gathered all certs, re-export
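Review bot: The disconnect added before `self.import_ca_certs(tmpdb, True)` carries no comment, so the reason for dropping a seemingly healthy `self.admin_conn` is recorded only in the commit message. I would add `# DS may have been restarted since admin_conn was opened; drop it so import_ca_certs reconnects` above the `if`. The fix also depends on `import_ca_certs` opening a fresh connection when none exists, which is not visible in this hunk and is worth confirming. Because the certificates fetched here are imported as CA certs, it is also worth checking that the re-established connection is bound and authenticated the same way as the original. The enclosing method starts and ends outside the hunk.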
-- 
2.7.4