From d5723c202f45edc17c45a7f2a1970eebed259dd5 Mon Sep 17 00:00:00 2001 From: Jan Cholasta Date: Thu, 1 Sep 2016 10:32:18 +0200 Subject: [PATCH] custodia: force reconnect before retrieving CA certs from LDAP Force reconnect to LDAP as DS might have been restarted after the connection was opened, rendering the connection invalid. This fixes a crash in ipa-replica-install with --setup-ca. https://fedorahosted.org/freeipa/ticket/6207 Reviewed-By: Martin Basti --- ipaserver/install/custodiainstance.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ipaserver/install/custodiainstance.py b/ipaserver/install/custodiainstance.py index 18bd51426cde09af6a34855a49db386a72cc6b9c..32740274ceae17eebeeb32ef5e043cf4b738ee0d 100644 --- a/ipaserver/install/custodiainstance.py +++ b/ipaserver/install/custodiainstance.py @@ -158,6 +158,8 @@ class CustodiaInstance(SimpleServiceInstance): # Add CA certificates tmpdb = CertDB(self.realm, nssdir=tmpnssdir) self.suffix = ipautil.realm_to_suffix(self.realm) + if self.admin_conn is not None: + self.ldap_disconnect() self.import_ca_certs(tmpdb, True) # Now that we gathered all certs, re-export -- 2.7.4