Don't create DS SSCA and self-signed cert

Instruct lib389 to not create its self-signed CA and temporary self-signed certificate. FreeIPA uses local connections and Unix socket for bootstrapping. Fixes: https://pagure.io/freeipa/issue/8502 Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2025-02-25 18:55:28 -06:00 · 2020-09-16 16:06:10 +02:00
parent 8ba15027d4
commit 3c86baf0ad
2 changed files with 9 additions and 0 deletions
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -544,6 +544,7 @@ class DsInstance(service.Service):
        slapd_options = Slapd2Base(logger)
        slapd_options.set('instance_name', self.serverid)
        slapd_options.set('root_password', self.dm_password)
+        slapd_options.set('self_sign_cert', False)
        slapd_options.verify()
        slapd = slapd_options.collect()