Only restart DS when duplicate cacrt was found

The update_fix_duplicate_cacrt_in_ldap plugin no longer restarts DS when
CA is disabled or no duplicate cacrt entry was detected.

Related: https://pagure.io/freeipa/issue/7125
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
Christian Heimes 2020-09-11 14:57:40 +02:00 committed by Rob Crittenden
parent 21186540f0
commit 0a2b6ca6ee

@ -35,16 +35,16 @@ class update_fix_duplicate_cacrt_in_ldap(Updater):
""" """
When multiple entries exist for IPA CA cert in ldap, remove the duplicate When multiple entries exist for IPA CA cert in ldap, remove the duplicate
After this plugin, ds needs to be restarted. This ensures that After this plugin has removed duplicate entries, DS needs to be
the attribute uniqueness plugin is working and prevents restarted. This ensures that the attribute uniqueness plugin is working
other plugins from adding duplicates. and prevents other plugins from adding duplicates.
""" """
def execute(self, **options): def execute(self, **options):
# If CA is disabled, no need to check for duplicates of IPA CA # If CA is disabled, no need to check for duplicates of IPA CA
ca_enabled = self.api.Command.ca_is_enabled()['result'] ca_enabled = self.api.Command.ca_is_enabled()['result']
if not ca_enabled: if not ca_enabled:
return True, [] return False, []
# Look for the IPA CA cert subject # Look for the IPA CA cert subject
ldap = self.api.Backend.ldap2 ldap = self.api.Backend.ldap2
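Review bot: The early return under `if not ca_enabled:` changes to `return False, []`, but nothing in the code says what the first tuple element means, so the flip from True to False is opaque to a reader who has not seen the commit message. The message ties it to the DS restart; a short comment on that line, or a sentence in the docstring describing the return value, would make that explicit. The existing comment above it ("no need to check for duplicates of IPA CA") could be extended to say that no restart is requested either.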
@ -66,7 +66,7 @@ class update_fix_duplicate_cacrt_in_ldap(Updater):
except errors.NotFound: except errors.NotFound:
# No duplicate, we're good # No duplicate, we're good
logger.debug("No duplicates for IPA CA in LDAP") logger.debug("No duplicates for IPA CA in LDAP")
return True, [] return False, []
logger.debug("Found %d entrie(s) for IPA CA in LDAP", len(result)) logger.debug("Found %d entrie(s) for IPA CA in LDAP", len(result))
cacert_dn = DN(('cn', get_ca_nickname(self.api.env.realm)), base_dn) cacert_dn = DN(('cn', get_ca_nickname(self.api.env.realm)), base_dn)
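Review bot: The path that continues after `logger.debug("Found %d entrie(s) for IPA CA in LDAP", len(result))` is outside this hunk, so it cannot be confirmed here that the final return requests a restart only when an entry was actually deleted, which is what the commit title promises. Please check that return and, if it is unconditional, make it depend on whether a deletion happened. The `return False, []` in the `except errors.NotFound:` branch matches the stated intent. Minor style point on the same context line: "entrie(s)" should read "entries".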