mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-24 08:00:02 -06:00
DS install: fix DS asking for NSS pin during install
DS now comes with nsslapd-security turned on and its own CA cert in its NSS database. We're re-setting the NSS database and setting our own CA cert to it, the DS pin file therefore needs to be updated with the new password after this reset. Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
This commit is contained in:
parent
56f8e20013
commit
104ef413ed
@ -826,6 +826,8 @@ class DsInstance(service.Service):
|
||||
dsdb.create_from_pkcs12(self.pkcs12_info[0], self.pkcs12_info[1],
|
||||
ca_file=self.ca_file,
|
||||
trust_flags=trust_flags)
|
||||
# rewrite the pin file with current password
|
||||
dsdb.create_pin_file()
|
||||
server_certs = dsdb.find_server_certs()
|
||||
if len(server_certs) == 0:
|
||||
raise RuntimeError("Could not find a suitable server cert in import in %s" % self.pkcs12_info[0])
|
||||
@ -842,6 +844,8 @@ class DsInstance(service.Service):
|
||||
self.add_cert_to_service()
|
||||
else:
|
||||
dsdb.create_from_cacert()
|
||||
# rewrite the pin file with current password
|
||||
dsdb.create_pin_file()
|
||||
if self.master_fqdn is None:
|
||||
ca_args = [
|
||||
paths.CERTMONGER_DOGTAG_SUBMIT,
|
||||
@ -883,8 +887,6 @@ class DsInstance(service.Service):
|
||||
if prev_helper is not None:
|
||||
self.add_cert_to_service()
|
||||
|
||||
dsdb.create_pin_file()
|
||||
|
||||
self.cacert_name = dsdb.cacert_name
|
||||
|
||||
ldap_uri = ipaldap.get_ldap_uri(self.fqdn)
|
||||
|
Loading…
Reference in New Issue
Block a user