From 87f6b21c9bc837cf90fc8b9d0708aeff060e48f3 Mon Sep 17 00:00:00 2001
From: David Kupka <dkupka@redhat.com>
Date: Mon, 23 Nov 2015 06:38:17 +0000
Subject: [PATCH] ipa-cacert-renew: Fix connection to ldap.

https://fedorahosted.org/freeipa/ticket/5468

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
---
 ipaserver/install/ipa_cacert_manage.py | 32 ++++++++++++++------------------
 1 file changed, 14 insertions(+), 18 deletions(-)

diff --git a/ipaserver/install/ipa_cacert_manage.py b/ipaserver/install/ipa_cacert_manage.py
index 01ec805fc2094326d119827b4358c143f45f3ec4..8790b7066d7641864f8d83c6339cd0a73c620be0 100644
--- a/ipaserver/install/ipa_cacert_manage.py
+++ b/ipaserver/install/ipa_cacert_manage.py
@@ -105,9 +105,7 @@ class CACertManage(admintool.AdminTool):
 
         if ((command == 'renew' and options.external_cert_files) or
             command == 'install'):
-            self.conn = self.ldap_connect()
-        else:
-            self.conn = None
+            self.ldap_connect()
 
         try:
             if command == 'renew':
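Review bot: Dropping the `else: self.conn = None` branch means `self.conn` is never assigned any more, so any remaining `self.conn` reference in the file raises AttributeError instead of the previous clean `None` check. The later hunks convert the visible uses in `renew_external_step_2` and `install`, but the rest of the file is outside this diff and is worth a grep before merging. The `try`/`finally` opened here continues in the next hunk, and the enclosing `run` method starts outside this hunk.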
@@ -115,23 +113,21 @@ class CACertManage(admintool.AdminTool):
             elif command == 'install':
                 rc = self.install()
         finally:
-            if self.conn is not None:
-                self.conn.disconnect()
+            if api.Backend.ldap2.isconnected():
+                api.Backend.ldap2.disconnect()
 
         return rc
 
     def ldap_connect(self):
-        conn = ldap2(api)
-
         password = self.options.password
         if not password:
             try:
                 ccache = krbV.default_context().default_ccache()
-                conn.connect(ccache=ccache)
+                api.Backend.ldap2.connect(ccache=ccache)
             except (krbV.Krb5Error, errors.ACIError):
                 pass
             else:
-                return conn
+                return
 
             password = installutils.read_password(
                 "Directory Manager", confirm=False, validate=False)
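Review bot: `ldap_connect` no longer returns a connection but connects the shared `api.Backend.ldap2` as a side effect, which callers cannot see from the signature; a docstring would make that explicit, e.g. `"""Connect api.Backend.ldap2: first with the default Kerberos ccache, then as Directory Manager using --password or an interactive prompt."""`. The `except (krbV.Krb5Error, errors.ACIError): pass` silently turns a Kerberos failure into a Directory Manager password prompt, so a short comment stating that fallback is intended (`# fall back to Directory Manager bind`) would help the next reader. The method body continues past this hunk.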
@@ -139,9 +135,8 @@ class CACertManage(admintool.AdminTool):
                 raise admintool.ScriptError(
                     "Directory Manager password required")
 
-        conn.connect(bind_dn=DN(('cn', 'Directory Manager')), bind_pw=password)
+        api.Backend.ldap2.connect(bind_dn=DN(('cn', 'Directory Manager')), bind_pw=password)
 
-        return conn
 
     def renew(self):
         ca = cainstance.CAInstance(api.env.realm, certs.NSS_DIR)
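Review bot: Removing `return conn` leaves two consecutive blank lines before `def renew`, which PEP 8 flags (E303) inside a class body; drop one of them. The new `api.Backend.ldap2.connect(bind_dn=DN(('cn', 'Directory Manager')), bind_pw=password)` line is also well past 79 columns and should be wrapped, e.g. `api.Backend.ldap2.connect(` / `    bind_dn=DN(('cn', 'Directory Manager')), bind_pw=password)`. The `ldap_connect` body starts outside this hunk.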
@@ -202,9 +197,10 @@ class CACertManage(admintool.AdminTool):
               "--external-cert-file=/path/to/external_ca_certificate")
 
     def renew_external_step_2(self, ca, old_cert):
-        print "Importing the renewed CA certificate, please wait"
+        print("Importing the renewed CA certificate, please wait")
 
         options = self.options
+        conn = api.Backend.ldap2
         cert_file, ca_file = installutils.load_external_cert(
             options.external_cert_files, x509.subject_base())
 
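Review bot: The new local `conn = api.Backend.ldap2` presumably relies on `run()` having connected the backend, which it does only when the command is 'renew' with `--external-cert-file` given; that precondition is not stated here, so a comment such as `# shared backend, connected by run() for the external-cert renew path` would document the coupling. The `print(...)` form is fine, but note the file still uses Python 2 `except ValueError, e:` syntax further down, so this is not yet a Python 3 port. `renew_external_step_2` continues past this hunk and the same `conn` alias is used in the following hunk.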
@@ -273,21 +269,21 @@ class CACertManage(admintool.AdminTool):
                 except RuntimeError:
                     break
                 certstore.put_ca_cert_nss(
-                    self.conn, api.env.basedn, ca_cert, nickname, ',,')
+                    conn, api.env.basedn, ca_cert, nickname, ',,')
 
         dn = DN(('cn', self.cert_nickname), ('cn', 'ca_renewal'),
                 ('cn', 'ipa'), ('cn', 'etc'), api.env.basedn)
         try:
-            entry = self.conn.get_entry(dn, ['usercertificate'])
+            entry = conn.get_entry(dn, ['usercertificate'])
             entry['usercertificate'] = [cert]
-            self.conn.update_entry(entry)
+            conn.update_entry(entry)
         except errors.NotFound:
-            entry = self.conn.make_entry(
+            entry = conn.make_entry(
                 dn,
                 objectclass=['top', 'pkiuser', 'nscontainer'],
                 cn=[self.cert_nickname],
                 usercertificate=[cert])
-            self.conn.add_entry(entry)
+            conn.add_entry(entry)
         except errors.EmptyModlist:
             pass
 
@@ -362,7 +358,7 @@ class CACertManage(admintool.AdminTool):
 
         try:
             certstore.put_ca_cert_nss(
-                self.conn, api.env.basedn, cert, nickname, trust_flags)
+                api.Backend.ldap2, api.env.basedn, cert, nickname, trust_flags)
         except ValueError, e:
             raise admintool.ScriptError(
                 "Failed to install the certificate: %s" % e)
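Review bot: The adjacent `except ValueError, e:` is Python-2-only syntax, while this same commit rewrites a `print` statement into call form; for consistency use `except ValueError as e:`, which is valid on both Python 2.6+ and 3. Passing `api.Backend.ldap2` directly also assumes `run()` connected it for the 'install' command, as the first hunk does, so calling `install()` from anywhere else would hit an unconnected backend; a one-line comment noting that precondition would help. The enclosing `install` method starts outside this hunk.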
-- 
2.4.3