Add the CA cert to LDAP after the CA install

The DS is installed before the CA cert is generated. Trying to
add the cert to LDAP before it exists resulted in a nasty-looking
error message.

This moves the cert upload to after the CA cert is ready and the
certdb is created.

Move the cert upload to after the certdb is generated.

https://fedorahosted.org/freeipa/ticket/3375
Petr Viktorin
2013-01-24 11:11:03 -05:00
committed by Martin Kosek
parent 77bb4b5177
commit b382a77fc3
2 changed files with 4 additions and 2 deletions


@@ -1030,6 +1030,9 @@ def main():
ca.enable_client_auth_to_db()
ca.restart()
# Upload the CA cert to the directory
ds.upload_ca_cert()
# Create a kerberos instance
if options.pkinit_pin:
[pw_fd, pw_name] = tempfile.mkstemp()
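Review bot: It is unclear from this page, where indentation is lost, whether `ds.upload_ca_cert()` sits inside the branch that configures the CA (next to `ca.restart()`) or at the top level of `main()`. Because the same commit removes the "Upload CA cert to the directory" step from DsInstance, any install path that skips that branch would finish with no CA certificate in LDAP and no error reported; the call should run unconditionally once the certdb exists. The upload also now runs outside `self.step(...)`, so a failure presumably surfaces as a raw exception from `main()` rather than as a named install step, and a log line before the call would make that easier to diagnose. `main()` starts and ends outside this hunk.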


@@ -262,7 +262,6 @@ class DsInstance(service.Service):
self.step("adding range check plugin", self.__add_range_check_plugin)
if hbac_allow:
self.step("creating default HBAC rule allow_all", self.add_hbac)
self.step("Upload CA cert to the directory", self.__upload_ca_cert)
self.__common_post_setup()
@@ -589,7 +588,7 @@ class DsInstance(service.Service):
# check for open secure port 636 from now on
self.open_ports.append(636)
def __upload_ca_cert(self):
def upload_ca_cert(self):
"""
Upload the CA certificate in DER form in the LDAP directory.
"""
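Review bot: `upload_ca_cert` is now public but its docstring does not state the ordering requirement that motivated the change: per the commit message it can only succeed after the CA certificate has been generated and the certdb created. I would add a line to the docstring such as `Must be called after the CA certificate and the certdb exist; it is no longer run as a DS setup step.` Any other caller that relied on the removed `self.step(...)` entry would now have to call the method explicitly, and the step list is only partly visible here, so that is worth checking. Any leftover reference to `self.__upload_ca_cert` in the class would also fail after the rename. The method body continues outside the hunk.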