From 6a9846f3f3d04800e2fab64eb52dee887af8af60 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek
Date: Wed, 10 Nov 2010 17:33:02 -0500
Subject: [PATCH] Set CACERTDIR during install to work around openldap bug

Even though ldap.conf(5) claims that LDAPTLS_CACERT takes precedence over LDAPTLS_CACERTDIR, this seems to be broken in F14. This patch works around the issue by setting both into the environment.

https://fedorahosted.org/freeipa/ticket/467
---
 ipaserver/install/dsinstance.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index b6fcb4e21..89613bc31 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -497,7 +497,9 @@ class DsInstance(service.Service):
 "-y", dmpwdfile, "-T", admpwdfile, "uid=admin,cn=users,cn=accounts,"+self.suffix]
 try:
- ipautil.run(args, env = { 'LDAPTLS_CACERT':CACERT })
+ env = { 'LDAPTLS_CACERTDIR':os.path.dirname(CACERT),
+ 'LDAPTLS_CACERT':CACERT }
+ ipautil.run(args, env=env)
 logging.debug("ldappasswd done")
 except ipautil.CalledProcessError, e:
 print "Unable to set admin password", e
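Review bot: Pointing `LDAPTLS_CACERTDIR` at `os.path.dirname(CACERT)` in the new `env` dict lets the TLS library treat every CA certificate it finds in that directory as a trust anchor for this call, not only `CACERT`, and judging by the `-y dmpwdfile` / `-T admpwdfile` arguments the connection carries password material. The value of `CACERT` is not visible in the hunk, so confirm that its parent directory is writable only by root and holds no other certificates, or point the variable at a dedicated directory that contains only the IPA CA. Because this is a workaround for a library bug, a comment above the dict would help whoever removes it later, for example `# Workaround for ticket 467: LDAPTLS_CACERT alone is not honoured on F14; drop CACERTDIR once openldap is fixed`. The enclosing method starts and ends outside the hunk, so whether `os` is already imported in dsinstance.py cannot be checked from here.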