Support initializing memberof during replication re-init using GSSAPI

The last step of a replication re-initiailization is to run the memberof task. The current function would only authenticate using simple auth to monitor the task but we may be doing this using admin GSSAPI credentials so support that type of bind as well. In short this fixes: # kinit admin # ipa-replica-manage re-initialize --from=master.example.com https://fedorahosted.org/freeipa/ticket/1248
2024-12-28 01:41:14 -06:00 · 2011-06-10 16:30:13 -04:00 · 2011-06-10 16:30:13 -04:00 · 645e55651e
commit 645e55651e
parent 7940270b9f
1 changed files with 4 additions and 1 deletions
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@ -441,7 +441,10 @@ class DsInstance(service.Service):
        dn = "cn=IPA install %s,cn=memberof task,cn=tasks,cn=config" % self.sub_dict["TIME"]
        logging.debug("Waiting for memberof task to complete.")
        conn = ipaldap.IPAdmin("127.0.0.1")
-        conn.simple_bind_s("cn=directory manager", self.dm_password)
+        if self.dm_password:
+            conn.simple_bind_s("cn=directory manager", self.dm_password)
+        else:
+            conn.do_sasl_gssapi_bind()
        conn.checkTask(dn, dowait=True)
        conn.unbind()