Fix NSS initialization errors during ipa-replica-prepare

When enabling replication we make an SSL connection. I think the way
this goes is python-ldap -> openldap -> NSS. It may be a problem in
the openldap SSL client, maybe it isn't calling NSS_Shutdown(). In any
case if we use ldapi instead the problem goes away.

Back out the temporary code to ignore nss_shutdown errors.

ticket 965

ipapython/nsslib.py

@@ -126,11 +126,7 @@ class NSSConnection(httplib.HTTPConnection):
         if nss.nss_is_initialized():
             # close any open NSS database and use the new one
             ssl.clear_session_cache()
-            try:
-                nss.nss_shutdown()
-            except NSPRError, e:
-                # FIXME: errors shouldn't be raised here
-                logging.debug('nss_shutdown: %s', str(e))
+            nss.nss_shutdown()
         nss.nss_init(dbdir)
         ssl.set_domestic_policy()
         nss.set_password_callback(self.password_callback)

ipaserver/install/replication.py

@@ -60,7 +60,7 @@ def enable_replication_version_checking(hostname, realm, dirman_passwd):
     enabled then enable it and restart 389-ds. If it is enabled
     the do nothing.
     """
-    conn = ipaldap.IPAdmin(hostname, port=PORT, cacert=CACERT)
+    conn = ipaldap.IPAdmin(hostname, realm=realm, ldapi=True)
     if dirman_passwd:
         conn.do_simple_bind(bindpw=dirman_passwd)
     else: