ipa-dns-install: use STARTTLS to connect to DS

BindInstance et al. now use STARTTLS to set up secure connection to DS during ipa-dns-install. This fixes https://fedorahosted.org/freeipa/ticket/4933 Reviewed-By: Martin Basti <mbasti@redhat.com>
2025-02-25 18:55:28 -06:00 · 2015-03-12 16:14:22 +01:00
parent a58b77ca9c
commit 7b6bee030d
6 changed files with 33 additions and 17 deletions
--- a/ipaserver/install/dnskeysyncinstance.py
+++ b/ipaserver/install/dnskeysyncinstance.py
@@ -62,13 +62,14 @@ def dnssec_container_exists(fqdn, suffix, dm_password=None, ldapi=False,

 class DNSKeySyncInstance(service.Service):
    def __init__(self, fstore=None, dm_password=None, logger=root_logger,
-                 ldapi=False):
+                 ldapi=False, start_tls=False):
        service.Service.__init__(
            self, "ipa-dnskeysyncd",
            service_desc="DNS key synchronization service",
            dm_password=dm_password,
-            ldapi=ldapi
-            )
+            ldapi=ldapi,
+            start_tls=start_tls
+        )
        self.dm_password = dm_password
        self.logger = logger
        self.extra_config = [u'dnssecVersion 1', ]  # DNSSEC enabled