install: use ldaps for pkispawn in ipa-ca-install

Commit 822e1bc82a undone the fix from commit
276d16775a, breaking ipa-ca-install on
servers with hardened DS configuration.

Put the fix back to make ipa-ca-install work on hardened DS configuration
again.

https://fedorahosted.org/freeipa/ticket/6392

Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>

ipaserver/install/ca.py

@@ -188,7 +188,8 @@ def install_step_0(standalone, replica_config, options):
                           master_replication_port=master_replication_port,
                           ra_p12=ra_p12,
                           ra_only=ra_only,
-                          promote=promote)
+                          promote=promote,
+                          use_ldaps=standalone)
 
 
 def install_step_1(standalone, replica_config, options):

ipaserver/install/cainstance.py

@@ -330,7 +330,7 @@ class CAInstance(DogtagInstance):
                            master_replication_port=None,
                            subject_base=None, ca_signing_algorithm=None,
                            ca_type=None, ra_p12=None, ra_only=False,
-                           promote=False):
+                           promote=False, use_ldaps=False):
         """Create a CA instance.
 
            To create a clone, pass in pkcs12_info.
@@ -363,6 +363,7 @@ class CAInstance(DogtagInstance):
         else:
             self.ca_type = 'generic'
         self.no_db_setup = promote
+        self.use_ldaps = use_ldaps
 
         # Determine if we are installing as an externally-signed CA and
         # what stage we're in.
@@ -495,6 +496,9 @@ class CAInstance(DogtagInstance):
         config.set("CA", "pki_ds_base_dn", self.basedn)
         config.set("CA", "pki_ds_database", "ipaca")
 
+        if self.use_ldaps:
+            self._use_ldaps_during_spawn(config)
+
         # Certificate subject DN's
         config.set("CA", "pki_subsystem_subject_dn",
             str(DN(('cn', 'CA Subsystem'), self.subject_base)))