IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-01-11 00:31:56 -06:00
Code Issues Packages Projects Releases Wiki Activity

Don't create DS SSCA and self-signed cert

Browse Source 
Instruct lib389 to not create its self-signed CA and temporary
self-signed certificate. FreeIPA uses local connections and Unix socket
for bootstrapping.

Fixes: https://pagure.io/freeipa/issue/8502
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
This commit is contained in:
Christian Heimes 2020-09-16 16:06:10 +02:00 committed by Rob Crittenden
parent 8ba15027d4
commit 3c86baf0ad
2 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
ipaserver/install/dsinstance.py
View File

@ -544,6 +544,7 @@ class DsInstance(service.Service):
slapd_options = Slapd2Base(logger)
slapd_options.set('instance_name', self.serverid)
slapd_options.set('root_password', self.dm_password)
slapd_options.set('self_sign_cert', False)
slapd_options.verify()
slapd = slapd_options.collect()

8
ipatests/test_integration/test_installation.py
View File

@ -971,6 +971,14 @@ class TestInstallMaster(IntegrationTest):
assert result.returncode != 0
assert 'user with name "root" already exists' in result.stderr_text
def test_dirsrv_no_ssca(self):
# verify that lib389 installer no longer creates self-signed CA
result = self.master.run_command(
["stat", "/etc/dirsrv/ssca"],
raiseonerr=False
)
assert result.returncode != 0
class TestInstallMasterKRA(IntegrationTest):