mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-02-25 18:55:28 -06:00
Ensure ipa-adtrust-install is run with Kerberos ticket for admin user
When setting up AD trusts support, ipa-adtrust-install utility needs to be run as: - root, for performing Samba configuration and using LDAPI/autobind - kinit-ed IPA admin user, to ensure proper ACIs are granted to fetch keytab As result, we can get rid of Directory Manager credentials in ipa-adtrust-install https://fedorahosted.org/freeipa/ticket/2815
This commit is contained in:
committed by
Martin Kosek
parent
16ca564b10
commit
68d5fe1ec7
@@ -225,10 +225,9 @@ def get_outputList(data):
|
||||
|
||||
class CADSInstance(service.Service):
|
||||
def __init__(self, host_name=None, realm_name=None, domain_name=None, dm_password=None):
|
||||
service.Service.__init__(self, "pkids")
|
||||
service.Service.__init__(self, "pkids", dm_password=dm_password, ldapi=False, autobind=service.DISABLED)
|
||||
self.serverid = "PKI-IPA"
|
||||
self.realm_name = realm_name
|
||||
self.dm_password = dm_password
|
||||
self.sub_dict = None
|
||||
self.domain = domain_name
|
||||
self.fqdn = host_name
|
||||
|
Reference in New Issue
Block a user