Support initializing memberof during replication re-init using GSSAPI

The last step of a replication re-initialization is to run the
memberof task. The current function would only authenticate using simple
auth to monitor the task but we may be doing this using admin GSSAPI
credentials so support that type of bind as well.

In short this fixes:
 # kinit admin
 # ipa-replica-manage re-initialize --from=master.example.com

https://fedorahosted.org/freeipa/ticket/1248
Rob Crittenden
2011-06-10 16:30:13 -04:00
committed by Martin Kosek
parent 7940270b9f
commit 645e55651e


@@ -441,7 +441,10 @@ class DsInstance(service.Service):
dn = "cn=IPA install %s,cn=memberof task,cn=tasks,cn=config" % self.sub_dict["TIME"]
logging.debug("Waiting for memberof task to complete.")
conn = ipaldap.IPAdmin("127.0.0.1")
if self.dm_password:
conn.simple_bind_s("cn=directory manager", self.dm_password)
else:
conn.do_sasl_gssapi_bind()
conn.checkTask(dn, dowait=True)
conn.unbind()
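
Review bot: In the else branch, conn.do_sasl_gssapi_bind() runs on a connection opened with ipaldap.IPAdmin("127.0.0.1"), and a GSSAPI bind needs a host name to select the LDAP service principal, so with an IP literal it depends on how the loopback address resolves and may fail where the simple bind succeeds. Consider connecting by the server's host name when self.dm_password is not set. Separately, conn.unbind() is not reached if either bind or conn.checkTask(dn, dowait=True) raises; a try/finally around the bind and the wait would close the connection on the error path too.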