Set CACERTDIR during install to work around openldap bug

Even though ldap.conf(5) claims that LDAPTLS_CACERT takes precedence over
LDAPTLS_CACERTDIR, this seems to be broken in F14. This patch works around
the issue by setting both into the environment.

https://fedorahosted.org/freeipa/ticket/467

ipaserver/install/dsinstance.py

@@ -497,7 +497,9 @@ class DsInstance(service.Service):
                     "-y", dmpwdfile, "-T", admpwdfile,
                     "uid=admin,cn=users,cn=accounts,"+self.suffix]
             try:
-                ipautil.run(args, env = { 'LDAPTLS_CACERT':CACERT })
+                env = { 'LDAPTLS_CACERTDIR':os.path.dirname(CACERT),
+                        'LDAPTLS_CACERT':CACERT }
+                ipautil.run(args, env=env)
                 logging.debug("ldappasswd done")
             except ipautil.CalledProcessError, e:
                 print "Unable to set admin password", e