Ensure ipa-adtrust-install is run with Kerberos ticket for admin user

When setting up AD trusts support, the ipa-adtrust-install utility
needs to be run as:
   - root, for performing Samba configuration and using LDAPI/autobind
   - kinit-ed IPA admin user, to ensure proper ACIs are granted to
     fetch keytab

As a result, we can get rid of Directory Manager credentials in ipa-adtrust-install

https://fedorahosted.org/freeipa/ticket/2815
Alexander Bokovoy
2012-07-13 18:12:48 +03:00
committed by Martin Kosek
parent 16ca564b10
commit 68d5fe1ec7
8 changed files with 117 additions and 78 deletions

@@ -225,10 +225,9 @@ def get_outputList(data):
class CADSInstance(service.Service):
def __init__(self, host_name=None, realm_name=None, domain_name=None, dm_password=None):
service.Service.__init__(self, "pkids")
service.Service.__init__(self, "pkids", dm_password=dm_password, ldapi=False, autobind=service.DISABLED)
self.serverid = "PKI-IPA"
self.realm_name = realm_name
self.dm_password = dm_password
self.sub_dict = None
self.domain = domain_name
self.fqdn = host_name
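
Review bot: In the `service.Service.__init__(self, "pkids", dm_password=dm_password, ldapi=False, autobind=service.DISABLED)` call, `dm_password` still defaults to `None` in the `CADSInstance.__init__` signature while LDAPI and autobind are both switched off, so a caller that omits the password appears to be left with no usable way to authenticate to the directory. Consider failing early in the constructor when `dm_password` is None, or add a one-line comment explaining why this instance must keep a password bind when the commit's stated goal is to move ipa-adtrust-install to LDAPI/autobind. If the `self.dm_password = dm_password` assignment is dropped here in favour of the base class, please confirm the base class stores it under the same attribute name, since the remaining users of `self.dm_password` in this class are not visible in the hunk.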