Only restart DS when duplicate cacrt was found
The update_fix_duplicate_cacrt_in_ldap plugin no longer restarts DS when CA is disabled or no duplicate cacrt entry was detected. Related: https://pagure.io/freeipa/issue/7125 Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
parent
21186540f0
commit
0a2b6ca6ee
@ -35,16 +35,16 @@ class update_fix_duplicate_cacrt_in_ldap(Updater):
|
|||||||
"""
|
"""
|
||||||
When multiple entries exist for IPA CA cert in ldap, remove the duplicate
|
When multiple entries exist for IPA CA cert in ldap, remove the duplicate
|
||||||
|
|
||||||
After this plugin, ds needs to be restarted. This ensures that
|
After this plugin has removed duplicate entries, DS needs to be
|
||||||
the attribute uniqueness plugin is working and prevents
|
restarted. This ensures that the attribute uniqueness plugin is working
|
||||||
other plugins from adding duplicates.
|
and prevents other plugins from adding duplicates.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
def execute(self, **options):
|
def execute(self, **options):
|
||||||
# If CA is disabled, no need to check for duplicates of IPA CA
|
# If CA is disabled, no need to check for duplicates of IPA CA
|
||||||
ca_enabled = self.api.Command.ca_is_enabled()['result']
|
ca_enabled = self.api.Command.ca_is_enabled()['result']
|
||||||
if not ca_enabled:
|
if not ca_enabled:
|
||||||
return True, []
|
return False, []
|
||||||
|
|
||||||
# Look for the IPA CA cert subject
|
# Look for the IPA CA cert subject
|
||||||
ldap = self.api.Backend.ldap2
|
ldap = self.api.Backend.ldap2
|
||||||
@ -66,7 +66,7 @@ class update_fix_duplicate_cacrt_in_ldap(Updater):
|
|||||||
except errors.NotFound:
|
except errors.NotFound:
|
||||||
# No duplicate, we're good
|
# No duplicate, we're good
|
||||||
logger.debug("No duplicates for IPA CA in LDAP")
|
logger.debug("No duplicates for IPA CA in LDAP")
|
||||||
return True, []
|
return False, []
|
||||||
|
|
||||||
logger.debug("Found %d entrie(s) for IPA CA in LDAP", len(result))
|
logger.debug("Found %d entrie(s) for IPA CA in LDAP", len(result))
|
||||||
cacert_dn = DN(('cn', get_ca_nickname(self.api.env.realm)), base_dn)
|
cacert_dn = DN(('cn', get_ca_nickname(self.api.env.realm)), base_dn)
|
||||||
|
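Review bot: The two early returns in `execute` now yield `False, []`, but nothing in the method body says what the first tuple element means, so the restart contract is only implied by the class docstring and the commit message. A short comment at the first return would make it explicit, e.g. `# First tuple element: whether DS must be restarted after this plugin`. The path after the `Found %d entrie(s)` log lies outside these hunks, so it is worth confirming that it requests a restart only when a duplicate entry was actually deleted, and not when the search matched just the entry at `cacert_dn` or a delete failed. Otherwise DS would still be restarted with nothing changed, which is the case this commit sets out to avoid. `execute` begins in the first hunk and continues past the end of the second.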