replication: augment setup_promote_replication method

The method that sets up initial GSSAPI replication in DL1 was augmented so
that the specified bind DN/bind password allows simple bind to remote master
using STARTTLS. The CA certificate for the connection is also configurable.

This facilitates the use of this method in DL0 where GSSAPI bind cannot be
used during DS bootstrap while DM credentials are available.

https://fedorahosted.org/freeipa/ticket/6406

Reviewed-By: Martin Basti <mbasti@redhat.com>
Martin Babinsky 2016-11-09 14:44:05 +01:00 committed by Martin Basti
parent 9d7943f3da
commit 3dc9ab1621


@ -1602,12 +1602,16 @@ class ReplicationManager(object):
entry['nsDS5ReplicaBindDN'].remove(replica_binddn)
conn.update_entry(entry)
def setup_promote_replication(self, r_hostname):
def setup_promote_replication(self, r_hostname, r_binddn=None,
r_bindpw=None, cacert=CACERT):
# note - there appears to be a bug in python-ldap - it does not
# allow connections using two different CA certs
ldap_uri = ipaldap.get_ldap_uri(r_hostname)
r_conn = ipaldap.LDAPClient(ldap_uri)
r_conn.gssapi_bind()
r_conn = ipaldap.LDAPClient(ldap_uri, cacert=cacert)
if r_bindpw:
r_conn.simple_bind(r_binddn, r_bindpw)
else:
r_conn.gssapi_bind()
# Setup the first half
l_id = self._get_replica_id(self.conn, r_conn)
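
Review bot: the `if r_bindpw:` test in `setup_promote_replication` chooses the bind method from the password alone, so the two new arguments are never checked together. A call that passes `r_bindpw` but leaves `r_binddn` at its `None` default reaches `r_conn.simple_bind(None, r_bindpw)`, and a call that passes `r_binddn` with an empty password silently falls through to `r_conn.gssapi_bind()`, which is the path the commit message says is unavailable in DL0. I would validate the pair up front and raise if exactly one of them is set. Separately, the commit message states that the simple bind goes over STARTTLS, but nothing in these lines starts TLS or checks the scheme of `ldap_uri` before `simple_bind` is called; please confirm that `ipaldap.LDAPClient` negotiates it for the URI returned by `get_ldap_uri`, or make it explicit here, since this path carries the DM password. A short docstring covering `r_binddn`, `r_bindpw` and `cacert` would also help callers.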