replication: augment setup_promote_replication method
The method that sets up initial GSSAPI replication in DL1 was augmented so that, when a bind DN and bind password are specified, it performs a simple bind to the remote master using STARTTLS. The CA certificate for the connection is also configurable. This facilitates the use of this method in DL0, where GSSAPI bind cannot be used during DS bootstrap while DM credentials are available.

https://fedorahosted.org/freeipa/ticket/6406

Reviewed-By: Martin Basti <mbasti@redhat.com>
parent
9d7943f3da
commit
3dc9ab1621
@ -1602,12 +1602,16 @@ class ReplicationManager(object):
|
||||
entry['nsDS5ReplicaBindDN'].remove(replica_binddn)
|
||||
conn.update_entry(entry)
|
||||
|
||||
def setup_promote_replication(self, r_hostname):
|
||||
def setup_promote_replication(self, r_hostname, r_binddn=None,
|
||||
r_bindpw=None, cacert=CACERT):
|
||||
# note - there appears to be a bug in python-ldap - it does not
|
||||
# allow connections using two different CA certs
|
||||
ldap_uri = ipaldap.get_ldap_uri(r_hostname)
|
||||
r_conn = ipaldap.LDAPClient(ldap_uri)
|
||||
r_conn.gssapi_bind()
|
||||
r_conn = ipaldap.LDAPClient(ldap_uri, cacert=cacert)
|
||||
if r_bindpw:
|
||||
r_conn.simple_bind(r_binddn, r_bindpw)
|
||||
else:
|
||||
r_conn.gssapi_bind()
|
||||
|
||||
# Setup the first half
|
||||
l_id = self._get_replica_id(self.conn, r_conn)
|
||||
|
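Review bot: Nothing in the visible lines requests STARTTLS before `r_conn.simple_bind(r_binddn, r_bindpw)`, although the commit message says the simple bind goes over STARTTLS. The URI comes from `ipaldap.get_ldap_uri(r_hostname)` and the client is built with only `cacert=cacert`, so whether the DM password is protected on the wire depends on LDAPClient behaviour that is not shown here; that should be confirmed or made explicit at this call. The branch also keys on `if r_bindpw:` alone, so a caller that passes a password without `r_binddn` binds with a `None` DN, and one that passes `r_binddn` with an empty password silently falls back to GSSAPI; consider `if r_binddn is not None and r_bindpw:` and raising on a half-specified pair. A short docstring naming `r_binddn`, `r_bindpw` and `cacert` and the two bind modes would also help. The method body continues past the end of the hunk.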