From ea3848ae6729fda734ec60167129f4cae5253a44 Mon Sep 17 00:00:00 2001
From: Martin Basti <mbasti@redhat.com>
Date: Wed, 18 Jan 2017 13:56:24 +0100
Subject: [PATCH] Wait until HTTPS principal entry is replicated to replica
Without the HTTP principal, the later steps fail.
https://fedorahosted.org/freeipa/ticket/6588
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
---
ipaserver/install/server/replicainstall.py | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
index f54ff7da06c57b9c8251429cbdacc5c300805f84..2a1c290351d8ce1dade5eea2f67539659555af2e 100644
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -36,7 +36,7 @@ from ipaserver.install import (
from ipaserver.install.installutils import (
create_replica_config, ReplicaConfig, load_pkcs12, is_ipa_configured)
from ipaserver.install.replication import (
- ReplicationManager, replica_conn_check)
+ ReplicationManager, replica_conn_check, wait_for_entry)
import SSSDConfig
from subprocess import CalledProcessError
from binascii import hexlify
@@ -86,6 +86,14 @@ def install_http_certs(config, fstore, remote_api):
config.master_host_name,
paths.IPA_KEYTAB,
force_service_add=True)
+ dn = DN(
+ ('krbprincipalname', principal),
+ api.env.container_service, api.env.basedn
+ )
+ conn = ipaldap.IPAdmin(realm=config.realm_name, ldapi=True)
+ conn.do_external_bind()
+ wait_for_entry(conn, dn)
+ conn.unbind()
# Obtain certificate for the HTTP service
nssdir = certs.NSS_DIR
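Review bot: `conn.unbind()` at the end of the added block is skipped if `conn.do_external_bind()` or `wait_for_entry(conn, dn)` raises, so the LDAPI connection is left open on the error path; put the bind and the wait inside `try:` and move the unbind to `finally: conn.unbind()`. The call also ignores whatever `wait_for_entry` reports: its timeout handling is not visible here, and if it can return without the entry having arrived, the certificate request below would still fail with the original, less obvious error, so an explicit check or error after the wait would help. A short comment such as `# the HTTP principal must be replicated locally before the certificate is requested` above the `dn = DN(` line would record why the wait is needed. install_http_certs starts before this hunk and continues after it.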
--
2.9.3