Fix CA replica install on DL1

Dogtag requires Directory Manager password for its installation. On Domain Level 1 a special password for Directory Manager is created and used during the installation. However, by importing the real DM password from remote LDAP, we can no longer use the temporary password from the replica installation. https://fedorahosted.org/freeipa/ticket/6392 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2025-02-25 18:55:28 -06:00 · 2016-11-09 17:55:56 +01:00 · 2016-11-09 17:55:56 +01:00 · 8c742b1539
commit 8c742b1539
parent 7cd3b1bfa7
1 changed files with 1 additions and 1 deletions
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@ -1378,7 +1378,6 @@ def install(installer):
                                                 config.realm_name)
    if promote:
        custodia.create_replica(config.master_host_name)
-        custodia.import_dm_password(config.master_host_name)
    else:
        custodia.create_instance()

@ -1400,6 +1399,7 @@ def install(installer):
    krb.restart()

    if promote:
+        custodia.import_dm_password(config.master_host_name)
        promote_sssd(config.host_name)
        promote_openldap_conf(config.host_name, config.master_host_name)